Back to skill
Skillv1.0.0
ClawScan security
Market Competitor Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 4:27 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions match its stated purpose (competitive research) and it requests no installs, credentials, or system access beyond public web research.
- Guidance
- This skill appears coherent and low-risk: it only prescribes public-source research and report templates and asks for no credentials or installs. Before use, consider these practical points: (1) Avoid pasting proprietary or sensitive information into prompts (customer lists, non-public docs, credentials). (2) If you automate web scraping, follow sites' terms of service, rate limits, and robots.txt — prefer official APIs. (3) Verify facts and numbers the skill gathers (public sources can be outdated or incorrect). (4) If you want to prevent the skill from running autonomously, restrict its invocation in your agent configuration. If you need higher assurance, request provenance for any automated data collection the skill performs (which sites, what queries, whether data is cached).
Review Dimensions
- Purpose & Capability
- okThe name, description, and SKILL.md are consistent: the guidance covers competitor identification, positioning, pricing, marketing, technical analysis, and report templates — all coherent with "Market Competitor Research." There are no unrelated required binaries, environment variables, or config paths.
- Instruction Scope
- noteInstructions stay within public-sources research (company websites, review sites, social media, BuiltWith/Wappalyzer, job postings, SEC filings). The skill does not instruct reading local files or secrets. Note: implementing the methods could involve scraping or automated queries; that has legal, terms-of-service, and rate-limit implications and should be done with care (prefer official APIs, respect robots.txt and site terms).
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or unrelated service access.
- Persistence & Privilege
- okalways:false and user-invocable are appropriate. The skill does not request persistent presence or system-wide changes. Autonomous invocation is allowed by platform default but this skill does not ask for elevated privileges.