ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Scout

v2.3.0

Structured OSINT research on people, companies, and organizations. Use when the user wants a provenance-backed brief, entity resolution across public sources...

1· 376·2 current·2 all-time
byIndigo Karasu@indigokarasu

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for indigokarasu/ocas-scout.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Scout" (indigokarasu/ocas-scout) from ClawHub.
Skill page: https://clawhub.ai/indigokarasu/ocas-scout
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ocas-scout

ClawHub CLI

Package manager switcher

npx clawhub@latest install ocas-scout
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and runtime instructions consistently describe an OSINT research skill (tiered source waterfall, provenance, minimization, journaling, and emitting structured Signal files). Requested permissions (local data and journal storage) are appropriate for a research skill.
!
Instruction Scope
SKILL.md instructs the agent to emit Signal files into another skill's intake path (~/openclaw/db/ocas-elephas/intake/...), and to register a nightly cron self-update job via scout.init. The skill.json filesystem declares read/write only for data and journals, not the Elephas intake or cron configuration. Writing signals into another skill's directory and registering cron jobs are side effects that extend scope and should be explicitly declared and consented to.
Install Mechanism
This is an instruction-only skill with no install spec or code files (lowest install risk). However SKILL.md/README mention self-update and include an 'install' call (openclaw skill install https://github.com/indigokarasu/scout) and claim scout.init will register a cron job — behaviors that imply install-time or privileged actions but have no implementation bundled here. That mismatch should be clarified.
Credentials
No environment variables or credentials are required up-front. Tier 3 paid sources are explicitly gated behind recorded PermissionGrant and config flags, which is proportionate. No unrelated credentials are requested.
!
Persistence & Privilege
Skill.json grants local data/journal read-write and storage layout shows local retention. The README and SKILL.md additionally claim automatic daily self-update (cron) and ongoing signal emission to Elephas. Automatic self-updates and cron registration increase persistence and attack surface yet are not reflected in an install script here — this is a privilege mismatch worth clarifying before enabling.
What to consider before installing
What to check before installing or enabling this skill: - Confirm origin: the SKILL.md points to a GitHub repo (indigokarasu/scout). Review that repository yourself to verify the code and to confirm how (or whether) the cron self-update and scout.init behaviors are implemented. An instruction-only bundle here cannot actually register cron jobs itself unless the platform or a fetched repo does so. - Ask the author to clarify declared filesystem permissions: SKILL.md says Scout will write Signal files to ~/openclaw/db/ocas-elephas/intake/, but skill.json only lists read/write for ~/openclaw/data/ocas-scout/ and ~/openclaw/journals/ocas-scout/. If the skill will place files in Elephas' intake directory, that write access should be declared and you should consent to cross-skill writes. - Be cautious about persistence/self-update: the skill claims to register a nightly self-update cron job. Decide if you want an auto-updating skill (it changes behavior over time). If you allow updates, verify the update source (the GitHub repo and release mechanism) and whether updates are signed/verified. - Data handling and privacy: Scout will store research results and journals locally and emit Signal files (which may contain PII) to an intake directory. Confirm retention settings (default retention: 90 days) and where backups or exports go. Ensure you understand and approve these local writes before use. - Tier 3 paid sources: do not enable paid-source escalation without explicit policy and credential handling controls. The skill claims Tier 3 requires a PermissionGrant; verify the implementation enforces that hard stop. - If you cannot inspect the upstream repo, treat this as higher risk: avoid enabling self-update and cross-skill writes until provenance and implementation details are verified. If the author can confirm and correct the declared filesystem permissions and explain exactly how/where cron registration and self-updates occur (and you inspect the upstream code), the remaining concerns are addressable.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7vfw8t3fpwk83gagxjezdn83sxfb
376downloads
1stars
3versions
Updated 16m ago
v2.3.0
MIT-0
Indigo Karasu@indigokarasu
latest
Download

Scout

Scout conducts lawful OSINT research on people, companies, and organizations, assembling provenance-backed briefs where every claim carries a source reference, retrieval timestamp, and direct quote. It works through a tiered source waterfall — public web first, then rate-limited registries, then paid databases only with explicit permission — collecting no more than the stated research goal requires.

When to use

  • Research a person and build a source-backed brief
  • Do background research on a company using public sources
  • Resolve whether two profiles are the same person with cited sources
  • Compile what is publicly knowable about a subject
  • Expand a quick lookup into an auditable brief

When not to use

  • Illegal intrusion into private systems
  • Credential theft or bypassing access controls
  • Covert surveillance
  • Speculative doxxing
  • Topic research without a person/org focus — use Sift

Responsibility boundary

Scout owns lawful OSINT research on people and organizations with provenance-backed output.

Scout does not own: general topic research (Sift), image processing (Look), knowledge graph writes (Elephas), social graph (Weave), communications (Dispatch).

Commands

  • scout.research.start — begin a new research request with subject and goal
  • scout.research.expand --tier <1|2|3> — escalate to a higher source tier
  • scout.brief.render — generate the final markdown brief with findings and sources
  • scout.brief.render_pdf — optional PDF brief generation
  • scout.status — return current research state
  • scout.journal — write journal for the current run; called at end of every run
  • scout.update — pull latest from GitHub source; preserves journals and data

Invariants

  1. Legality-first — only publicly available sources without bypassing access controls
  2. Minimization — collect only what the research goal requires
  3. Provenance for every claim — at least one source reference with URL, retrieval timestamp, and quote
  4. Paid sources require explicit permission — Tier 3 needs a recorded PermissionGrant
  5. No doxxing by default — private details suppressed unless explicitly permitted
  6. Uncertainty must be surfaced — incomplete identity resolution stated clearly

Input contract

ResearchRequest requires: request_id, as_of, subject (type, name, aliases, known_locations, known_handles), goal, constraints (time_budget_minutes, minimize_pii).

Read references/scout_schemas.md for exact schema.

Research workflow

  1. Normalize request and subject identity inputs
  2. Resolve likely identity matches conservatively
  3. Run Tier 1 public-source collection
  4. Record provenance for every retained claim
  5. Compile preliminary findings with confidence levels
  6. Escalate to Tier 2 only if enabled and useful
  7. Escalate to Tier 3 only after explicit permission grant is recorded
  8. Generate brief with findings, uncertainty, and source log
  9. Store request, findings, sources, and decisions locally
  10. Emit Signal files for confirmed entities and relationships to ~/openclaw/db/ocas-elephas/intake/{signal_id}.signal.json. Use Signal schema from spec-ocas-shared-schemas.md. One file per entity or relationship with sufficient confidence.
  11. Write journal via scout.journal

When minimize_pii=true, suppress unnecessary sensitive details in the final brief.

Source waterfall

Read references/scout_source_waterfall.md for full tier logic.

  • Tier 1 — public web, official sites, news, filings, public social profiles. Automatic.
  • Tier 2 — rate-limited sources, registries, extended datasets. Only if enabled and useful.
  • Tier 3 — paid OSINT providers, background databases. Requires explicit permission grant.

Output requirements

Markdown brief with: Executive Summary, Identity Resolution Notes, Findings, Risk and Uncertainty, Source Log. Every finding carries source-backed provenance.

Inter-skill interfaces

Scout writes Signal files to Elephas intake: ~/openclaw/db/ocas-elephas/intake/{signal_id}.signal.json

Emit one Signal file per confirmed entity or high-confidence relationship discovered during research. Use the Signal schema from spec-ocas-shared-schemas.md. Elephas decides promotion.

See spec-ocas-interfaces.md for signal format.

Storage layout

~/openclaw/data/ocas-scout/
  config.json
  requests.jsonl
  sources.jsonl
  findings.jsonl
  decisions.jsonl
  briefs/
  reports/

~/openclaw/journals/ocas-scout/
  YYYY-MM-DD/
    {run_id}.json

Default config.json:

{
  "skill_id": "ocas-scout",
  "skill_version": "2.3.0",
  "config_version": "1",
  "created_at": "",
  "updated_at": "",
  "waterfall": {
    "enabled_tiers": [1, 2]
  },
  "paid_sources": {
    "enabled": false
  },
  "brief": {
    "format": "markdown"
  },
  "retention": {
    "days": 90,
    "max_records": 10000
  }
}

OKRs

Universal OKRs from spec-ocas-journal.md apply to all runs.

skill_okrs:
  - name: verified_claim_ratio
    metric: fraction of findings with at least one verified source reference
    direction: maximize
    target: 0.70
    evaluation_window: 30_runs
  - name: entity_resolution_accuracy
    metric: fraction of identity resolutions confirmed correct
    direction: maximize
    target: 0.90
    evaluation_window: 30_runs
  - name: source_diversity
    metric: median unique source domains per brief
    direction: maximize
    target: 6
    evaluation_window: 30_runs

Optional skill cooperation

  • Weave — read social graph (read-only) for identity context
  • Elephas — optionally emit Signal files for Chronicle promotion
  • Sift — may use Sift for web searches during research

Journal outputs

  • Observation Journal — research runs producing findings
  • Research Journal — structured multi-source research sessions

Visibility

public

Initialization

On first invocation of any Scout command, run scout.init:

  1. Create ~/openclaw/data/ocas-scout/ and all subdirectories (briefs/, reports/)
  2. Write default config.json with ConfigBase fields if absent
  3. Create empty JSONL files: requests.jsonl, sources.jsonl, findings.jsonl, decisions.jsonl
  4. Create ~/openclaw/journals/ocas-scout/
  5. Ensure ~/openclaw/db/ocas-elephas/intake/ exists (create if missing)
  6. Register cron job scout:update if not already present (check openclaw cron list first)
  7. Log initialization as a DecisionRecord in decisions.jsonl

Background tasks

Job nameMechanismScheduleCommand
scout:updatecron0 0 * * * (midnight daily)scout.update
openclaw cron add --name scout:update --schedule "0 0 * * *" --command "scout.update" --sessionTarget isolated --lightContext true --timezone America/Los_Angeles

Self-update

scout.update pulls the latest package from the source: URL in this file's frontmatter. Runs silently — no output unless the version changed or an error occurred.

  1. Read source: from frontmatter → extract {owner}/{repo} from URL
  2. Read local version from skill.json
  3. Fetch remote version: gh api "repos/{owner}/{repo}/contents/skill.json" --jq '.content' | base64 -d | python3 -c "import sys,json;print(json.load(sys.stdin)['version'])"
  4. If remote version equals local version → stop silently
  5. Download and install: 
    TMPDIR=$(mktemp -d)
gh api "repos/{owner}/{repo}/tarball/main" > "$TMPDIR/archive.tar.gz"
mkdir "$TMPDIR/extracted"
tar xzf "$TMPDIR/archive.tar.gz" -C "$TMPDIR/extracted" --strip-components=1
cp -R "$TMPDIR/extracted/"* ./
rm -rf "$TMPDIR"
  6. On failure → retry once. If second attempt fails, report the error and stop.
  7. Output exactly: I updated Scout from version {old} to {new}

Support file map

FileWhen to read
references/scout_schemas.mdBefore creating requests, findings, or briefs
references/scout_source_waterfall.mdBefore tier selection or escalation decisions
references/scout_brief_template.mdBefore rendering briefs
references/journal.mdBefore scout.journal; at end of every run

Comments

Loading comments...