industry-intelligence(行业情报)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate industry-news collection and reporting skill, with disclosed use of web fetching, local helper scripts, optional dependency downloads, and reusable workspace files.

Before installing, be comfortable with the skill running its bundled Python helpers, fetching public web pages, and installing Playwright/Python dependencies if needed. Keep outputs in the intended workspace, review the persistent resource library, and avoid using private or internal URLs unless that is your intent.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

A report request may cause the agent to fetch web pages, launch a headless browser, convert files, or download fonts.

Why it was flagged

The skill explicitly authorizes local helper-script execution for web fetching, PDF conversion, and font downloading. These tools are central to the workflow, but they can make network requests and write files.

Skill content
/usr/bin/python3 {SKILL_DIR}/scripts/web_fetchers.py dynamic <URL> ... /usr/bin/python3 {SKILL_DIR}/scripts/md_to_pdf.py <MD文件路径> ... /usr/bin/python3 {SKILL_DIR}/scripts/download_fonts.py
Recommendation

Use the skill with intended public URLs and workspace files only; avoid pointing it at private/internal pages unless you deliberately want those pages processed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing dependencies may pull current versions of external packages and browser components.

Why it was flagged

The setup documentation uses unpinned third-party Python packages and a Playwright browser runtime. This is purpose-aligned, but reproducibility and package provenance depend on the user's environment.

Skill content
pip install markdown reportlab requests beautifulsoup4 playwright
playwright install chromium
Recommendation

Install in a controlled environment, pin versions if reproducibility matters, and use trusted package indexes.

ASI06: Memory and Context Poisoning
Low
What this means

Old, incorrect, or low-quality sources in the resource library may affect later briefings.

Why it was flagged

The skill stores a reusable resource library that influences future reports. This is expected for ongoing intelligence work, but stale or inaccurate entries could propagate into later outputs.

Skill content
The library is built once and reused across all future collections — users can incrementally add competitors or correct sources at any time.
Recommendation

Periodically review and update the resource library, especially community or rumor sources, before relying on generated reports.