gh-industry-deep-analysis
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may trigger web or financial-data lookups to produce the report, but the artifacts do not show account changes, local file access, or destructive operations.
The skill explicitly instructs the agent to call external search and market-data tools. This is expected for current industry analysis, but it means user prompts and research topics may be processed by those providers.
Required tools (P0 priority)... mx-search ... openclaw-tavily-search ... Auxiliary tools ... mx-data ... mx-xuangu
Use it for non-sensitive industry research queries and verify important investment data against primary sources.
A user may have minor uncertainty about which documented version they are installing or reviewing.
The reviewed artifacts show inconsistent version numbers across the registry, skill file, and package metadata. With no code present this is not a strong security concern, but it makes exact release provenance less clear.
Registry metadata: Version: 1.1.3; SKILL.md: version: "1.1.2"; package.json: "version": "1.1.0"
Publisher should align registry, SKILL.md, package.json, README, and _meta.json versions for clearer provenance.
