Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Competitor Watch

v1.1.0

Know what your competitors ship before their customers do. Automated monitoring of competitor websites, product pages, pricing, content, and social presence. Detects changes, extracts new features, tracks pricing updates, and alerts you with digestible summaries. Your agent watches the competition 24/7 so you can focus on building. Configure competitor tiers (fierce rivals get deep monitoring, adjacents get high-level), set check frequency, define alert thresholds, and receive smart diffs highlighting what actually matters. Use when setting up competitive intelligence, tracking product launches, monitoring pricing changes, or staying ahead of market moves.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the files and behavior: scripts implement adding competitors, fetching pages, taking snapshots, diffing, scoring, and generating alerts. Required config paths (~/.config/competitor-watch) and data storage are coherent with the stated purpose.
Instruction Scope
The SKILL.md and scripts operate entirely within the monitoring domain (fetch pages, store snapshots, compute diffs, log changes and send alerts). They create and write to ~/.config/competitor-watch and its data subdirs (snapshots, change log). This is expected, but be aware snapshots will contain full scraped page contents (possible sensitive or copyrighted content). The scripts include a simulated 'clawd' fetch/send command — in a real deployment you must provide the actual fetch/notification tooling.
Install Mechanism
No remote install/downloads are performed by the skill (instruction-only with local scripts). There are no URLs or archive extracts. Scripts are local and executed by the user — lower install risk than remote downloads.
Credentials
requires.env is empty and no credentials are listed, which aligns with a simple web-scraping approach; however: (1) the scripts require external CLI tools (jq is checked at runtime, and utilities like diff, grep, sed, awk, uuidgen, base64 are used) but these are not declared in metadata; (2) alerts.channel defaults to 'telegram' in the example config but no guidance or env var for Telegram bot tokens/webhook is provided — you'll need to supply and secure those credentials if you enable that channel.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It writes only to its own config/data under the user's home directory (or CW_CONFIG_DIR if set). It does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says, but review these before installing:

1) Dependencies: ensure jq and common Unix tools (diff, grep, sed, awk, uuidgen, base64) are available — the scripts will fail otherwise.
2) Alerts: decide which notification channel you'll use (Telegram, email, Slack, etc.) and configure/store any tokens/webhooks securely; the example config uses 'telegram' but no token handling is provided.
3) Data storage & privacy: snapshots store full page content — consider retention settings and legal/privacy implications of scraping competitor pages (and whether snapshots could contain customer PII).
4) Dry-run & audit: run scripts in --dry-run first, inspect the created files under ~/.config/competitor-watch, and review report output.
5) Execution scope: the scripts assume a 'clawd' fetch/message tool exists or will be implemented — replace or implement those calls safely.

If you need higher assurance, ask the author to: declare required binaries and any credential env vars, document alert-channel credential setup, and remove or explain any use of random/base64/uuid utilities. If anything looks unexpected after those changes, re-evaluate.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

🔍 Clawdis
