v1.0.3

Market Intelligence Claw

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:58 AM.

Analysis

This instruction-only skill appears purpose-aligned for market research, but users should notice that optional paid APIs and provider credentials may be used.

GuidanceThis skill looks safe to install as an instruction-only market-research helper. Before using optional tiers, create dedicated provider credentials, set quota and spend limits, review every planned query, and avoid sharing confidential business or customer information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

I can also use paid APIs ... I show you every planned search before running it and wait for your OK

The skill uses external and potentially cost-bearing APIs, but it explicitly requires a research plan and user approval before running searches.

User impactApproving a plan could send public search terms to third-party providers and consume paid API credits.

RecommendationReview each research plan, use the free tier when possible, and only approve paid API calls you understand.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

references/setup.md

Auth: Login + password (not API key) ... Authorization: Basic base64("{login}:{password}")

The optional DataForSEO tier requires account credentials rather than just a scoped API key, which is sensitive even though it is purpose-aligned.

User impactIf enabled, provider credentials could authorize API usage and potentially incur charges on the user’s account.

RecommendationUse dedicated low-privilege credentials where possible, set spend caps and quotas, avoid production/shared passwords, and rotate credentials after use if concerned.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Business Profile: name ... industry ... target_customer ... platforms ... competitors ... geography ... goals ... Never collect or store: exact revenue, customer personal data

The skill maintains a business profile in the conversation context, but it also tells the agent not to collect more sensitive business or customer data.

User impactBusiness strategy details shared with the agent may be reused during the session to guide research and recommendations.

RecommendationShare only the business details needed for the research task and keep confidential revenue, customer, credential, or internal strategy data out of the profile.