Nicholai/.agents
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2026-02-23_pre-signet-backup

Browse Source
This commit is contained in:
Nicholai Vogel 2026-02-23 04:25:00 -07:00
parent b4b3661dd6
commit 8ee5ee60d2
10 changed files with 828 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.agent/skills/marketing-content-strategy Symbolic link
View File

@ -0,0 +1 @@
../../.agents/skills/marketing-content-strategy

1
.agent/skills/marketing-psychology Symbolic link
View File

@ -0,0 +1 @@
../../.agents/skills/marketing-psychology

168
.agents/skills/marketing-content-strategy/SKILL.md Normal file
View File

@ -0,0 +1,168 @@
---
name: marketing-content-strategy
description: Content strategy and operations for marketing teams. Positioning, messaging hierarchy, content pillars, editorial calendars, trust-building content, brand architecture, GEO/AI discovery, and content ROI measurement. Use for positioning sprints, trust audits, messaging matrices, content pillar planning, editorial ops, or ROI attribution (including regulated industries).
---
# CONTENT STRATEGY - POSITIONING & TRUST OS (OPERATIONAL)
Built as a **no-fluff execution skill** for content strategy, positioning, and trust-building.
**Structure**: Core frameworks first. Fintech/sensitive data examples throughout. AI-specific automation in clearly labeled "Optional: AI / Automation" sections.
**Modern Best Practices (Jan 2026)**:
- Start from positioning (who you're for, what you replace, why you win), then derive messaging hierarchy.
- Build trust signals before scaling traffic. Low trust + high traffic = wasted spend.
- Use brand architecture intentionally: endorsed brands inherit credibility; standalone brands don't.
- Instrument content to funnel stage; measure content-attributed pipeline, not just traffic.
- Optimize for GEO (Generative Engine Optimization); your content becomes a source cited by AI, not just a destination users visit.
---
## Default Workflow (Operational)
Use this as the default response plan unless the user requests a specific artifact.
1. Clarify: product, ICP, stage, constraints, primary channel(s), and success metric.
2. Select module(s) via the decision tree.
3. Produce 13 concrete artifacts using the templates in `assets/` (not just advice).
4. Add a trust + compliance pass (claims, proof, disclosures; especially for sensitive data).
5. Add measurement: define 13 leading indicators + 12 business outcomes.
6. Close with next steps: what to validate, what to publish, what to instrument.
## Default Outputs (Pick 13)
- Positioning sprint output: `assets/positioning-canvas.md` + `references/positioning-framework.md`
- Messaging matrix: `assets/messaging-matrix.md` + `references/message-hierarchy.md`
- Trust audit + fixes: `assets/trust-signals-checklist.md` + `references/trust-building-playbook.md`
- Brand architecture decision: `assets/brand-connection-template.md` + `references/brand-architecture-guide.md`
- Content pillars + plan: `assets/content-pillar-plan.md` + `references/content-pillars.md`
- Editorial calendar: `assets/editorial-calendar.md` + `references/content-ops-checklist.md`
- Content brief: `assets/content-brief.md`
- ROI model + tracking plan: `assets/content-roi-calculator.md` + `references/content-roi-attribution.md`
## GEO: Generative Engine Optimization (2026)
Content discoverability shifting from websites to AI chat interfaces. Optimize for LLM retrieval, not just Google SERP.
**Key shift**: Success = citations + brand mentions in AI responses, not just traffic.
For full GEO implementation, see [references/geo-optimization.md](references/geo-optimization.md).
---
## Decision Tree: What Content Strategy Task?
```text
CONTENT STRATEGY QUESTION
|
+-> "How do I position my product?" -----> POSITIONING
| --> positioning-framework.md
|
+-> "How do I build trust?" --------------> TRUST-BUILDING
| --> trust-building-playbook.md
|
+-> "How do I connect sub-brand to -> BRAND ARCHITECTURE
| parent brand?" --> brand-architecture-guide.md
|
+-> "What should I say to whom?" ---------> MESSAGE HIERARCHY
| --> message-hierarchy.md
|
+-> "What content do I create?" ----------> CONTENT PILLARS
| --> content-pillar-plan.md
| --> content-pillars.md
|
+-> "Fintech/regulated industry?" --------> COMPLIANCE MESSAGING
| --> fintech-compliance-messaging.md
|
+-> "How do I prove content ROI?" --------> ROI ATTRIBUTION
| --> content-roi-attribution.md
| --> content-roi-calculator.md
|
+-> "Full content strategy" --------------> COMPREHENSIVE
--> Use all resources
```
---
## Core Modules (Open Subfiles)
Use the linked guides/templates for implementation details:
- Expert mental models (how to decide): [references/expert-mental-models.md](references/expert-mental-models.md)
- Positioning: [references/positioning-framework.md](references/positioning-framework.md) and [assets/positioning-canvas.md](assets/positioning-canvas.md)
- Trust-building: [references/trust-building-playbook.md](references/trust-building-playbook.md) and [assets/trust-signals-checklist.md](assets/trust-signals-checklist.md)
- Brand architecture: [references/brand-architecture-guide.md](references/brand-architecture-guide.md) and [assets/brand-connection-template.md](assets/brand-connection-template.md)
- Messaging hierarchy: [references/message-hierarchy.md](references/message-hierarchy.md) and [assets/messaging-matrix.md](assets/messaging-matrix.md)
- Content pillars and video: [references/content-pillars.md](references/content-pillars.md) and [assets/content-pillar-plan.md](assets/content-pillar-plan.md)
- Fintech/regulated messaging: [references/fintech-compliance-messaging.md](references/fintech-compliance-messaging.md)
- Content ROI: [references/content-roi-attribution.md](references/content-roi-attribution.md) and [assets/content-roi-calculator.md](assets/content-roi-calculator.md)
- Content ops and SOPs: [references/content-ops-checklist.md](references/content-ops-checklist.md) and [assets/editorial-calendar.md](assets/editorial-calendar.md)
---
## Resources & Templates
**References** (deep-dive guides):
[expert-mental-models.md](references/expert-mental-models.md) | [positioning-framework.md](references/positioning-framework.md) | [trust-building-playbook.md](references/trust-building-playbook.md) | [brand-architecture-guide.md](references/brand-architecture-guide.md) | [message-hierarchy.md](references/message-hierarchy.md) | [fintech-compliance-messaging.md](references/fintech-compliance-messaging.md) | [content-ops-checklist.md](references/content-ops-checklist.md) | [geo-optimization.md](references/geo-optimization.md) | [content-roi-attribution.md](references/content-roi-attribution.md) | [ai-content-automation.md](references/ai-content-automation.md) | [trend-awareness-protocol.md](references/trend-awareness-protocol.md) | [content-pillars.md](references/content-pillars.md)
**Templates** (copy-paste assets):
[positioning-canvas.md](assets/positioning-canvas.md) | [trust-signals-checklist.md](assets/trust-signals-checklist.md) | [brand-connection-template.md](assets/brand-connection-template.md) | [messaging-matrix.md](assets/messaging-matrix.md) | [content-pillar-plan.md](assets/content-pillar-plan.md) | [content-brief.md](assets/content-brief.md) | [editorial-calendar.md](assets/editorial-calendar.md) | [content-strategy-brief.md](assets/content-strategy-brief.md) | [trust-brief.md](assets/trust-brief.md) | [content-roi-calculator.md](assets/content-roi-calculator.md)
**Data**: [sources.json](data/sources.json)
---
## When NOT to Use This Skill
| Need | Use Instead |
|------|-------------|
| Channel-specific tactics (posting, engagement) | [marketing-social-media](../marketing-social-media/SKILL.md) |
| SEO/technical optimization | [marketing-seo-complete](../marketing-seo-complete/SKILL.md) |
| Landing page conversion | [marketing-leads-generation](../marketing-leads-generation/SKILL.md) |
| AI search optimization (GEO deep-dive) | [marketing-ai-search-optimization](../marketing-ai-search-optimization/SKILL.md) |
| Product roadmap communication | [product-management](../product-management/SKILL.md) |
---
## International Markets
This skill uses US/UK market defaults. For international marketing:
| Need | See Skill |
|------|-----------|
| Regional platforms (WeChat, LINE, Naver) | [marketing-geo-localization](../marketing-geo-localization/SKILL.md) |
| Cultural messaging adaptation | [marketing-geo-localization](../marketing-geo-localization/SKILL.md) |
| Regional compliance (GDPR, CASL, LGPD, PIPL) | [marketing-geo-localization](../marketing-geo-localization/SKILL.md) |
| Non-English content strategy | [marketing-geo-localization](../marketing-geo-localization/SKILL.md) |
**Auto-triggers**: When your query mentions a specific country, region, language, or compliance framework, both skills load automatically.
---
## Related Skills
- [marketing-geo-localization](../marketing-geo-localization/SKILL.md) - International marketing, regional platforms, cultural adaptation
- [marketing-leads-generation](../marketing-leads-generation/SKILL.md) - Funnel design, landing page optimization, conversion
- [marketing-social-media](../marketing-social-media/SKILL.md) - Channel-specific content tactics
- [marketing-seo-complete](../marketing-seo-complete/SKILL.md) - Search visibility for content
- [marketing-ai-search-optimization](../marketing-ai-search-optimization/SKILL.md) - AI search surface optimization
- [startup-go-to-market](../startup-go-to-market/SKILL.md) - GTM strategy, ICP, channel selection
- [product-management](../product-management/SKILL.md) - Product positioning, roadmap communication
---
## Usage Notes
- Stay operational: return positioning statements, trust checklists, message matrices; avoid theory.
- Use fintech examples for sensitive data products; adapt for other regulated industries.
- If positioning unclear, run positioning sprint before content planning.
- For new products with parent brand, default to endorsed brand pattern.
- Cite template/resource path when providing frameworks.
- Use `data/sources.json` as the default web research shortlist when external validation is required.
---
## Optional: AI / Automation
Core positioning and trust frameworks work without AI. For AI content automation, agentic workflows, C2PA provenance, and 2026 disclosure requirements, see [references/ai-content-automation.md](references/ai-content-automation.md).

454
.agents/skills/marketing-psychology/SKILL.md Normal file
View File

@ -0,0 +1,454 @@
---
name: marketing-psychology
version: 1.0.0
description: "When the user wants to apply psychological principles, mental models, or behavioral science to marketing. Also use when the user mentions 'psychology,' 'mental models,' 'cognitive bias,' 'persuasion,' 'behavioral science,' 'why people buy,' 'decision-making,' or 'consumer behavior.' This skill provides 70+ mental models organized for marketing application."
---
# Marketing Psychology & Mental Models
You are an expert in applying psychological principles and mental models to marketing. Your goal is to help users understand why people buy, how to influence behavior ethically, and how to make better marketing decisions.
## How to Use This Skill
**Check for product marketing context first:**
If `.claude/product-marketing-context.md` exists, read it before applying mental models. Use that context to tailor recommendations to the specific product and audience.
Mental models are thinking tools that help you make better decisions, understand customer behavior, and create more effective marketing. When helping users:
1. Identify which mental models apply to their situation
2. Explain the psychology behind the model
3. Provide specific marketing applications
4. Suggest how to implement ethically
---
## Foundational Thinking Models
These models sharpen your strategy and help you solve the right problems.
### First Principles
Break problems down to basic truths and build solutions from there. Instead of copying competitors, ask "why" repeatedly to find root causes. Use the 5 Whys technique to tunnel down to what really matters.
**Marketing application**: Don't assume you need content marketing because competitors do. Ask why you need it, what problem it solves, and whether there's a better solution.
### Jobs to Be Done
People don't buy products—they "hire" them to get a job done. Focus on the outcome customers want, not features.
**Marketing application**: A drill buyer doesn't want a drill—they want a hole. Frame your product around the job it accomplishes, not its specifications.
### Circle of Competence
Know what you're good at and stay within it. Venture outside only with proper learning or expert help.
**Marketing application**: Don't chase every channel. Double down where you have genuine expertise and competitive advantage.
### Inversion
Instead of asking "How do I succeed?", ask "What would guarantee failure?" Then avoid those things.
**Marketing application**: List everything that would make your campaign fail—confusing messaging, wrong audience, slow landing page—then systematically prevent each.
### Occam's Razor
The simplest explanation is usually correct. Avoid overcomplicating strategies or attributing results to complex causes when simple ones suffice.
**Marketing application**: If conversions dropped, check the obvious first (broken form, page speed) before assuming complex attribution issues.
### Pareto Principle (80/20 Rule)
Roughly 80% of results come from 20% of efforts. Identify and focus on the vital few.
**Marketing application**: Find the 20% of channels, customers, or content driving 80% of results. Cut or reduce the rest.
### Local vs. Global Optima
A local optimum is the best solution nearby, but a global optimum is the best overall. Don't get stuck optimizing the wrong thing.
**Marketing application**: Optimizing email subject lines (local) won't help if email isn't the right channel (global). Zoom out before zooming in.
### Theory of Constraints
Every system has one bottleneck limiting throughput. Find and fix that constraint before optimizing elsewhere.
**Marketing application**: If your funnel converts well but traffic is low, more conversion optimization won't help. Fix the traffic bottleneck first.
### Opportunity Cost
Every choice has a cost—what you give up by not choosing alternatives. Consider what you're saying no to.
**Marketing application**: Time spent on a low-ROI channel is time not spent on high-ROI activities. Always compare against alternatives.
### Law of Diminishing Returns
After a point, additional investment yields progressively smaller gains.
**Marketing application**: The 10th blog post won't have the same impact as the first. Know when to diversify rather than double down.
### Second-Order Thinking
Consider not just immediate effects, but the effects of those effects.
**Marketing application**: A flash sale boosts revenue (first order) but may train customers to wait for discounts (second order).
### Map ≠ Territory
Models and data represent reality but aren't reality itself. Don't confuse your analytics dashboard with actual customer experience.
**Marketing application**: Your customer persona is a useful model, but real customers are more complex. Stay in touch with actual users.
### Probabilistic Thinking
Think in probabilities, not certainties. Estimate likelihoods and plan for multiple outcomes.
**Marketing application**: Don't bet everything on one campaign. Spread risk and plan for scenarios where your primary strategy underperforms.
### Barbell Strategy
Combine extreme safety with small high-risk/high-reward bets. Avoid the mediocre middle.
**Marketing application**: Put 80% of budget into proven channels, 20% into experimental bets. Avoid moderate-risk, moderate-reward middle.
---
## Understanding Buyers & Human Psychology
These models explain how customers think, decide, and behave.
### Fundamental Attribution Error
People attribute others' behavior to character, not circumstances. "They didn't buy because they're not serious" vs. "The checkout was confusing."
**Marketing application**: When customers don't convert, examine your process before blaming them. The problem is usually situational, not personal.
### Mere Exposure Effect
People prefer things they've seen before. Familiarity breeds liking.
**Marketing application**: Consistent brand presence builds preference over time. Repetition across channels creates comfort and trust.
### Availability Heuristic
People judge likelihood by how easily examples come to mind. Recent or vivid events seem more common.
**Marketing application**: Case studies and testimonials make success feel more achievable. Make positive outcomes easy to imagine.
### Confirmation Bias
People seek information confirming existing beliefs and ignore contradictory evidence.
**Marketing application**: Understand what your audience already believes and align messaging accordingly. Fighting beliefs head-on rarely works.
### The Lindy Effect
The longer something has survived, the longer it's likely to continue. Old ideas often outlast new ones.
**Marketing application**: Proven marketing principles (clear value props, social proof) outlast trendy tactics. Don't abandon fundamentals for fads.
### Mimetic Desire
People want things because others want them. Desire is socially contagious.
**Marketing application**: Show that desirable people want your product. Waitlists, exclusivity, and social proof trigger mimetic desire.
### Sunk Cost Fallacy
People continue investing in something because of past investment, even when it's no longer rational.
**Marketing application**: Know when to kill underperforming campaigns. Past spend shouldn't justify future spend if results aren't there.
### Endowment Effect
People value things more once they own them.
**Marketing application**: Free trials, samples, and freemium models let customers "own" the product, making them reluctant to give it up.
### IKEA Effect
People value things more when they've put effort into creating them.
**Marketing application**: Let customers customize, configure, or build something. Their investment increases perceived value and commitment.
### Zero-Price Effect
Free isn't just a low price—it's psychologically different. "Free" triggers irrational preference.
**Marketing application**: Free tiers, free trials, and free shipping have disproportionate appeal. The jump from $1 to $0 is bigger than $2 to $1.
### Hyperbolic Discounting / Present Bias
People strongly prefer immediate rewards over future ones, even when waiting is more rational.
**Marketing application**: Emphasize immediate benefits ("Start saving time today") over future ones ("You'll see ROI in 6 months").
### Status-Quo Bias
People prefer the current state of affairs. Change requires effort and feels risky.
**Marketing application**: Reduce friction to switch. Make the transition feel safe and easy. "Import your data in one click."
### Default Effect
People tend to accept pre-selected options. Defaults are powerful.
**Marketing application**: Pre-select the plan you want customers to choose. Opt-out beats opt-in for subscriptions (ethically applied).
### Paradox of Choice
Too many options overwhelm and paralyze. Fewer choices often lead to more decisions.
**Marketing application**: Limit options. Three pricing tiers beat seven. Recommend a single "best for most" option.
### Goal-Gradient Effect
People accelerate effort as they approach a goal. Progress visualization motivates action.
**Marketing application**: Show progress bars, completion percentages, and "almost there" messaging to drive completion.
### Peak-End Rule
People judge experiences by the peak (best or worst moment) and the end, not the average.
**Marketing application**: Design memorable peaks (surprise upgrades, delightful moments) and strong endings (thank you pages, follow-up emails).
### Zeigarnik Effect
Unfinished tasks occupy the mind more than completed ones. Open loops create tension.
**Marketing application**: "You're 80% done" creates pull to finish. Incomplete profiles, abandoned carts, and cliffhangers leverage this.
### Pratfall Effect
Competent people become more likable when they show a small flaw. Perfection is less relatable.
**Marketing application**: Admitting a weakness ("We're not the cheapest, but...") can increase trust and differentiation.
### Curse of Knowledge
Once you know something, you can't imagine not knowing it. Experts struggle to explain simply.
**Marketing application**: Your product seems obvious to you but confusing to newcomers. Test copy with people unfamiliar with your space.
### Mental Accounting
People treat money differently based on its source or intended use, even though money is fungible.
**Marketing application**: Frame costs in favorable mental accounts. "$3/day" feels different than "$90/month" even though it's the same.
### Regret Aversion
People avoid actions that might cause regret, even if the expected outcome is positive.
**Marketing application**: Address regret directly. Money-back guarantees, free trials, and "no commitment" messaging reduce regret fear.
### Bandwagon Effect / Social Proof
People follow what others are doing. Popularity signals quality and safety.
**Marketing application**: Show customer counts, testimonials, logos, reviews, and "trending" indicators. Numbers create confidence.
---
## Influencing Behavior & Persuasion
These models help you ethically influence customer decisions.
### Reciprocity Principle
People feel obligated to return favors. Give first, and people want to give back.
**Marketing application**: Free content, free tools, and generous free tiers create reciprocal obligation. Give value before asking for anything.
### Commitment & Consistency
Once people commit to something, they want to stay consistent with that commitment.
**Marketing application**: Get small commitments first (email signup, free trial). People who've taken one step are more likely to take the next.
### Authority Bias
People defer to experts and authority figures. Credentials and expertise create trust.
**Marketing application**: Feature expert endorsements, certifications, "featured in" logos, and thought leadership content.
### Liking / Similarity Bias
People say yes to those they like and those similar to themselves.
**Marketing application**: Use relatable spokespeople, founder stories, and community language. "Built by marketers for marketers" signals similarity.
### Unity Principle
Shared identity drives influence. "One of us" is powerful.
**Marketing application**: Position your brand as part of the customer's tribe. Use insider language and shared values.
### Scarcity / Urgency Heuristic
Limited availability increases perceived value. Scarcity signals desirability.
**Marketing application**: Limited-time offers, low-stock warnings, and exclusive access create urgency. Only use when genuine.
### Foot-in-the-Door Technique
Start with a small request, then escalate. Compliance with small requests leads to compliance with larger ones.
**Marketing application**: Free trial → paid plan → annual plan → enterprise. Each step builds on the last.
### Door-in-the-Face Technique
Start with an unreasonably large request, then retreat to what you actually want. The contrast makes the second request seem reasonable.
**Marketing application**: Show enterprise pricing first, then reveal the affordable starter plan. The contrast makes it feel like a deal.
### Loss Aversion / Prospect Theory
Losses feel roughly twice as painful as equivalent gains feel good. People will work harder to avoid losing than to gain.
**Marketing application**: Frame in terms of what they'll lose by not acting. "Don't miss out" beats "You could gain."
### Anchoring Effect
The first number people see heavily influences subsequent judgments.
**Marketing application**: Show the higher price first (original price, competitor price, enterprise tier) to anchor expectations.
### Decoy Effect
Adding a third, inferior option makes one of the original two look better.
**Marketing application**: A "decoy" pricing tier that's clearly worse value makes your preferred tier look like the obvious choice.
### Framing Effect
How something is presented changes how it's perceived. Same facts, different frames.
**Marketing application**: "90% success rate" vs. "10% failure rate" are identical but feel different. Frame positively.
### Contrast Effect
Things seem different depending on what they're compared to.
**Marketing application**: Show the "before" state clearly. The contrast with your "after" makes improvements vivid.
---
## Pricing Psychology
These models specifically address how people perceive and respond to prices.
### Charm Pricing / Left-Digit Effect
Prices ending in 9 seem significantly lower than the next round number. $99 feels much cheaper than $100.
**Marketing application**: Use .99 or .95 endings for value-focused products. The left digit dominates perception.
### Rounded-Price (Fluency) Effect
Round numbers feel premium and are easier to process. $100 signals quality; $99 signals value.
**Marketing application**: Use round prices for premium products ($500/month), charm prices for value products ($497/month).
### Rule of 100
For prices under $100, percentage discounts seem larger ("20% off"). For prices over $100, absolute discounts seem larger ("$50 off").
**Marketing application**: $80 product: "20% off" beats "$16 off." $500 product: "$100 off" beats "20% off."
### Price Relativity / Good-Better-Best
People judge prices relative to options presented. A middle tier seems reasonable between cheap and expensive.
**Marketing application**: Three tiers where the middle is your target. The expensive tier makes it look reasonable; the cheap tier provides an anchor.
### Mental Accounting (Pricing)
Framing the same price differently changes perception.
**Marketing application**: "$1/day" feels cheaper than "$30/month." "Less than your morning coffee" reframes the expense.
---
## Design & Delivery Models
These models help you design effective marketing systems.
### Hick's Law
Decision time increases with the number and complexity of choices. More options = slower decisions = more abandonment.
**Marketing application**: Simplify choices. One clear CTA beats three. Fewer form fields beat more.
### AIDA Funnel
Attention → Interest → Desire → Action. The classic customer journey model.
**Marketing application**: Structure pages and campaigns to move through each stage. Capture attention before building desire.
### Rule of 7
Prospects need roughly 7 touchpoints before converting. One ad rarely converts; sustained presence does.
**Marketing application**: Build multi-touch campaigns across channels. Retargeting, email sequences, and consistent presence compound.
### Nudge Theory / Choice Architecture
Small changes in how choices are presented significantly influence decisions.
**Marketing application**: Default selections, strategic ordering, and friction reduction guide behavior without restricting choice.
### BJ Fogg Behavior Model
Behavior = Motivation × Ability × Prompt. All three must be present for action.
**Marketing application**: High motivation but hard to do = won't happen. Easy to do but no prompt = won't happen. Design for all three.
### EAST Framework
Make desired behaviors: Easy, Attractive, Social, Timely.
**Marketing application**: Reduce friction (easy), make it appealing (attractive), show others doing it (social), ask at the right moment (timely).
### COM-B Model
Behavior requires: Capability, Opportunity, Motivation.
**Marketing application**: Can they do it (capability)? Is the path clear (opportunity)? Do they want to (motivation)? Address all three.
### Activation Energy
The initial energy required to start something. High activation energy prevents action even if the task is easy overall.
**Marketing application**: Reduce starting friction. Pre-fill forms, offer templates, show quick wins. Make the first step trivially easy.
### North Star Metric
One metric that best captures the value you deliver to customers. Focus creates alignment.
**Marketing application**: Identify your North Star (active users, completed projects, revenue per customer) and align all efforts toward it.
### The Cobra Effect
When incentives backfire and produce the opposite of intended results.
**Marketing application**: Test incentive structures. A referral bonus might attract low-quality referrals gaming the system.
---
## Growth & Scaling Models
These models explain how marketing compounds and scales.
### Feedback Loops
Output becomes input, creating cycles. Positive loops accelerate growth; negative loops create decline.
**Marketing application**: Build virtuous cycles: more users → more content → better SEO → more users. Identify and strengthen positive loops.
### Compounding
Small, consistent gains accumulate into large results over time. Early gains matter most.
**Marketing application**: Consistent content, SEO, and brand building compound. Start early; benefits accumulate exponentially.
### Network Effects
A product becomes more valuable as more people use it.
**Marketing application**: Design features that improve with more users: shared workspaces, integrations, marketplaces, communities.
### Flywheel Effect
Sustained effort creates momentum that eventually maintains itself. Hard to start, easy to maintain.
**Marketing application**: Content → traffic → leads → customers → case studies → more content. Each element powers the next.
### Switching Costs
The price (time, money, effort, data) of changing to a competitor. High switching costs create retention.
**Marketing application**: Increase switching costs ethically: integrations, data accumulation, workflow customization, team adoption.
### Exploration vs. Exploitation
Balance trying new things (exploration) with optimizing what works (exploitation).
**Marketing application**: Don't abandon working channels for shiny new ones, but allocate some budget to experiments.
### Critical Mass / Tipping Point
The threshold after which growth becomes self-sustaining.
**Marketing application**: Focus resources on reaching critical mass in one segment before expanding. Depth before breadth.
### Survivorship Bias
Focusing on successes while ignoring failures that aren't visible.
**Marketing application**: Study failed campaigns, not just successful ones. The viral hit you're copying had 99 failures you didn't see.
---
## Quick Reference
When facing a marketing challenge, consider:
| Challenge | Relevant Models |
|-----------|-----------------|
| Low conversions | Hick's Law, Activation Energy, BJ Fogg, Friction |
| Price objections | Anchoring, Framing, Mental Accounting, Loss Aversion |
| Building trust | Authority, Social Proof, Reciprocity, Pratfall Effect |
| Increasing urgency | Scarcity, Loss Aversion, Zeigarnik Effect |
| Retention/churn | Endowment Effect, Switching Costs, Status-Quo Bias |
| Growth stalling | Theory of Constraints, Local vs Global Optima, Compounding |
| Decision paralysis | Paradox of Choice, Default Effect, Nudge Theory |
| Onboarding | Goal-Gradient, IKEA Effect, Commitment & Consistency |
---
## Task-Specific Questions
1. What specific behavior are you trying to influence?
2. What does your customer believe before encountering your marketing?
3. Where in the journey (awareness → consideration → decision) is this?
4. What's currently preventing the desired action?
5. Have you tested this with real customers?
---
## Related Skills
- **page-cro**: Apply psychology to page optimization
- **copywriting**: Write copy using psychological principles
- **popup-cro**: Use triggers and psychology in popups
- **pricing-page optimization**: See page-cro for pricing psychology
- **ab-test-setup**: Test psychological hypotheses

1
.claude/skills/marketing-content-strategy Symbolic link
View File

@ -0,0 +1 @@
../../.agents/skills/marketing-content-strategy

1
.claude/skills/marketing-psychology Symbolic link
View File

@ -0,0 +1 @@
../../.agents/skills/marketing-psychology

8
.daemon/logs/signet-2026-02-23.log
View File

@ -3293,3 +3293,11 @@
{"timestamp":"2026-02-23T11:17:58.417Z","level":"info","category":"watcher","message":"File changed","data":{"path":"/home/nicholai/.agents/memory/memories.db-wal"}}
{"timestamp":"2026-02-23T11:17:59.727Z","level":"info","category":"watcher","message":"File changed","data":{"path":"/home/nicholai/.agents/memory/memories.db-wal"}}
{"timestamp":"2026-02-23T11:17:59.728Z","level":"info","category":"watcher","message":"File changed","data":{"path":"/home/nicholai/.agents/memory/memories.db-wal"}}
{"timestamp":"2026-02-23T11:18:04.730Z","level":"warn","category":"git","message":"Git add failed"}
{"timestamp":"2026-02-23T11:18:04.786Z","level":"info","category":"git","message":"Auto-committed","data":{"message":"2026-02-23T11-18-04_auto_memory/memories.db-wal, memory/memories.db-wal","filesChanged":2}}
{"timestamp":"2026-02-23T11:18:35.619Z","level":"warn","category":"git","message":"Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected] HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
{"timestamp":"2026-02-23T11:18:35.619Z","level":"warn","category":"git","message":"Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected] HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
{"timestamp":"2026-02-23T11:21:08.542Z","level":"warn","category":"git","message":"Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected] HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
{"timestamp":"2026-02-23T11:21:08.542Z","level":"warn","category":"git","message":"Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected] HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
{"timestamp":"2026-02-23T11:23:36.528Z","level":"warn","category":"git","message":"Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected] HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}
{"timestamp":"2026-02-23T11:23:36.528Z","level":"warn","category":"git","message":"Periodic sync failed: Push failed: To https://github.com/Signet-AI/signetai.git\n ! [rejected] HEAD -> main (non-fast-forward)\nerror: failed to push some refs to 'https://github.com/Signet-AI/signetai.git'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. If you want to integrate the remote changes,\nhint: use 'git pull' before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n"}

1
.daemon/pid
View File

@ -1 +0,0 @@
1036448

18
.gitignore vendored
View File

@ -1,6 +1,14 @@
.agent/
.agents/
.claude/
archive/
emit
# Python virtual environment
.venv/
# Daemon runtime
.daemon/
# Python cache
__pycache__/
*.pyc
# SQLite journals
*.db-journal
*.db-wal
*.db-shm

181
archive/clawdbot-safety-report-2026-01-27.md Normal file
View File

@ -0,0 +1,181 @@
clawdbot safety report — january 27, 2026
==========================================
sources: github issues (#2992-#3002), reddit (r/hackerworkspace, r/MoltbotCommunity),
official security docs (docs.clawd.bot/security), and community discourse.
note: web search API key is missing so twitter/x couldn't be scraped directly.
findings are based on reddit, github, and official docs which reflect the same
concerns circulating on twitter.
executive summary
---------
the overwhelming majority of "clawdbot got hacked" stories trace back to
**user misconfiguration**, not software vulnerabilities. the most viral
complaints are from marketers who port-forwarded their gateway to the public
internet, got owned, and blamed the software. that said, there ARE real
security issues worth knowing about — mostly around defaults and missing
hardening that new users don't think to configure.
**verdict:** clawdbot is not inherently insecure. it's a power tool that
requires the user to understand what they're connecting. most incidents are
self-inflicted.
critical issues (user-caused)
---------
### 1. port forwarding the gateway (the big one)
**severity: catastrophic (user error)**
this is what's blowing up twitter. users are port-forwarding port 18789
to the public internet, effectively giving anyone on earth direct access
to their shell, files, and messaging integrations. clawdbot's gateway is
designed to run on localhost only. exposing it publicly is like giving
strangers your SSH keys.
**the fix:** never port forward. use messaging integrations (discord,
telegram, signal) as the public-facing layer. gateway should only listen
on 127.0.0.1 (which is actually the default — users are going out of
their way to break this).
### 2. open DM policy with no allowlist
**severity: high (user error)**
some users set dmPolicy to "open" without understanding that this lets
literally anyone trigger their bot. combined with tool access, this means
a random stranger can message your bot and potentially execute commands.
**the fix:** use dmPolicy: "pairing" or "allowlist". never use "open"
unless you fully understand the implications.
### 3. sandbox disabled
**severity: high (user error)**
users running without sandbox mode, meaning every exec command runs
directly on the host system with full access. one prompt injection away
from `rm -rf /`.
**the fix:** enable sandbox=all, set docker.network=none for isolation.
### 4. plaintext credentials
**severity: medium (user error)**
oauth.json and other credential files sitting with default permissions.
on multi-user systems, other users can read your tokens.
**the fix:** chmod 600 on all credential files. use environment variables
for sensitive tokens. run `moltbot security audit --fix` to auto-tighten.
real software vulnerabilities (from github)
---------
these are actual code-level issues filed on the repo (issues #2992-#3002):
### critical severity
- **#2992 — unsafe eval() in browser context:** eval() is used to run
JavaScript in browser automation. if the input is user-influenced,
this is arbitrary code execution. location: pw-tools-core.interactions.ts
- **#2993 — HTTP without mandatory HTTPS:** the gateway can run plain HTTP,
meaning tokens and credentials transit unencrypted. fine for localhost,
dangerous if exposed to any network.
### high severity
- **#2994 — SHA1 still used for hashing:** SHA1 is cryptographically broken.
used in sandbox config hashing. should be SHA-256 minimum.
- **#2995 — path traversal risk:** not all file operations use the safe
openFileWithinRoot() wrapper. `../` sequences could access files outside
intended directories.
- **#2996 — JSON.parse without schema validation:** parsing config files
without validation means tampered files could cause unexpected behavior.
### medium severity
- **#2997 — hook tokens in query parameters:** deprecated but still supported.
tokens in URLs leak to logs, browser history, referrer headers, and proxies.
- **#2998 — no explicit CORS policy:** missing Access-Control-Allow-Origin
headers could allow unauthorized cross-origin API requests.
- **#2999 — environment variable injection:** sanitizeEnv() may not fully
prevent dangerous env vars like LD_PRELOAD or PATH manipulation in
child processes.
### low severity
- **#3000 — sensitive data in logs:** logging statements may expose tokens
and API keys. logging.redactSensitive exists but isn't enforced everywhere.
- **#3001 — inconsistent input validation:** not all HTTP endpoints validate
input consistently. potential for injection or DoS.
- **#3002 — file permissions not enforced:** sensitive files may be created
without restrictive permissions on multi-user systems.
what the community is saying (reddit)
---------
**r/hackerworkspace** — post titled "clawdbot is a security nightmare"
links to a youtube video. typical fear-mongering from people who don't
understand the tool. the post itself doesn't detail any novel exploits.
**r/MoltbotCommunity** — much more constructive post "Secure your Moltbot"
that actually lists practical fixes. this poster gets it — they're
pro-clawdbot but want users to harden their setups. their checklist
largely aligns with the official security docs.
what clawdbot already does right
---------
- gateway binds to loopback by default (you have to deliberately break this)
- DM policy defaults to "pairing" (strangers can't just message in)
- built-in `moltbot security audit` command that flags common footguns
- `--fix` flag auto-applies safe guardrails
- comprehensive official security docs with threat model documentation
- prompt injection guidance in official docs
- credential storage is documented with clear hardening steps
- model-specific security guidance (recommends opus 4.5 for tool-enabled bots)
recommendations
---------
1. **run the audit:** `moltbot security audit --deep --fix` regularly
2. **never expose the gateway:** localhost only, always
3. **use allowlists:** for DMs and groups, always use pairing or allowlists
4. **enable sandbox:** sandbox=all with docker.network=none
5. **lock file permissions:** chmod 600 on everything in ~/.clawdbot/
6. **use strong models:** opus 4.5 for any bot with tool access
(weaker models are more susceptible to prompt injection)
7. **treat all external content as hostile:** web pages, attachments,
pasted content — all potential prompt injection vectors
8. **block dangerous commands:** explicitly block rm -rf, curl pipes,
git push --force unless you need them
9. **enable audit logging:** so if something goes wrong, you know what happened
bottom line
---------
the twitter meltdown is 90% users who port-forwarded their way into getting
owned, and 10% legitimate (but mostly low-to-medium severity) code issues
that the maintainers are tracking. the software has solid security defaults —
the problem is users actively disabling them without understanding why they
exist.
anyone blaming clawdbot for getting hacked after port-forwarding their
gateway is like blaming their car manufacturer after leaving the keys in
the ignition with the engine running in a walmart parking lot.