ClawHub

Rivalwatch

v2.0.0

Generate competitor analysis with SWOT and market positioning. Use when comparing features, checking market share, analyzing differentiation strategies.

0· 94·1 current·1 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (competitor analysis, SWOT, exports) match the delivered functionality: a Bash CLI that logs entries, shows stats, searches logs, and exports data. No unrelated credentials, binaries, or cloud access are requested.
Instruction Scope
SKILL.md instructs the agent to use the CLI and references only the data directory (~/.local/share/rivalwatch). The included script only reads/writes files inside that directory and uses standard Unix tools. It does create and append logs there (expected for this tool).
Install Mechanism
Instruction-only with a single shipped shell script; there is no install spec that downloads or executes remote code. This is low-risk and proportionate for a small CLI utility.
Credentials
No required environment variables, credentials, or config paths beyond $HOME. The script only reads/writes its own data directory; requested environment access is minimal and appropriate.
Persistence & Privilege
always is false and the skill does not request system-wide changes or modify other skills. It persists only by creating files under the user's home data directory, which is expected behavior for a local CLI.
Assessment
This skill appears to do what it says: a local, file-backed CLI for logging and exporting competitor intel. Before installing, note that it will create and write files under ~/.local/share/rivalwatch (logs and export files), so do not store secrets there if you need them private. There are some minor implementation issues (e.g., JSON export uses simple printf/echo and may produce invalid JSON when entries contain quotes or newlines), but those are quality issues rather than security red flags. If you trust the source (BytesAgain) and are comfortable with local files being created/edited, the skill is reasonable to install. If you need stronger guarantees, review the full script locally or run it in a sandboxed account first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e4fez7an8x9vq52yw36c8jd834mhs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments