PE Monitor Pro
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is purpose-aligned for portfolio-company monitoring, but users should notice that it mentions API keys and Python requirements that the registry metadata does not declare.
This appears to be a benign monitoring/reporting skill. Before installing, note that the SKILL.md mentions Tianyancha and News API keys even though the registry requirements say no environment variables are required; use limited-purpose keys and confirm whether Python is actually necessary.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may require giving the agent access to Tianyancha and news API credentials, which could affect API usage, billing, or access to account-backed data.
The skill indicates it may use external service API keys. These credentials are purpose-aligned for business and news monitoring, but users should recognize that account-backed API access may be involved.
requires:\n env:\n - TIANYANCHA_API_KEY\n - NEWS_API_KEY\n primaryEnv: TIANYANCHA_API_KEY
Use dedicated, least-privileged API keys where possible, monitor usage, and avoid sharing keys with broader access than needed for company and news monitoring.
The registry may not fully communicate the skill's expected local environment requirements before installation.
The skill declares a Python binary requirement even though the provided package is instruction-only and contains no code or install spec. This is an under-declared or inconsistent packaging signal, not evidence of automatic code execution.
requires:\n bins:\n - python3
Before using the skill, confirm whether Python is actually needed and avoid running any additional scripts unless they are separately reviewed and clearly tied to the monitoring workflow.