Skill v1.0.0

ClawScan security

Competitor Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Feb 22, 2026, 8:35 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The skill's functionality matches its description, but the included shell script has a clear code-injection vulnerability (and a couple of small mismatches with the documentation), so treat it as risky until fixed or reviewed.
Guidance: This skill does what it claims (runs web searches and writes a report), but the bundled analyze.sh is unsafe to run with untrusted input because it interpolates the user-supplied company string directly into a python -c code string, allowing arbitrary Python code execution. Before using:

1) Do not run the script on inputs from untrusted sources or external agents.
2) Fix the injection by passing the query as a Python argument instead of embedding it in code. Example safe replacement: replace the call python3 -c "import urllib.parse; print(urllib.parse.quote('$query'))" with python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1]))" "$query" (or URL-encode with a POSIX-safe tool) so the query arrives in argv rather than being injected into the code string. Note that python3 hands every argument after the -c code string straight through to sys.argv, so no "--" separator is needed (and if one were added it would itself become sys.argv[1]).
3) Update SKILL.md to list python3 as a required binary and mention that the script writes competitor-report-*.md to the current directory.
4) Run the script in a sandbox or throwaway directory until you (or someone you trust) audits it.

If you cannot patch or audit the script, treat the skill as unsafe and avoid installing or invoking it from untrusted agents.

Review Dimensions

Purpose & Capability
note: The script implements the stated competitor-analysis functionality (web searches, report generation). It reasonably requires internet access and curl. However, SKILL.md omits the dependency on python3 (the script calls python3 multiple times), which is inconsistent with the declared requirements.
Instruction Scope
concern: The script only performs web searches, writes a markdown report to the current directory, and prints it, which is consistent with the stated purpose. However, the script injects the untrusted search string directly into a python -c invocation, enabling arbitrary Python code execution if a malicious company name is passed. The script also writes files to the working directory (competitor-report-*.md), which may overwrite existing files if names collide.
Install Mechanism
ok: This is an instruction-only skill with a bundled script and no install spec, so install risk is low (nothing is downloaded or installed automatically).
Credentials
ok: No credentials, environment variables, or external tokens are requested. The need for internet access is proportional to the task. The missing explicit mention of python3 in SKILL.md is a documentation gap but does not signal unnecessary privileges.
Persistence & Privilege
ok: The skill does not request persistent presence (always: false) and does not modify other skills or system-wide settings. It runs as a normal script with no elevated privileges.