gh-industry-deep-analysis

Advisory

Audited by VirusTotal on Apr 26, 2026.

Overview

Type: OpenClaw Skill
Name: gh-industry-deep-analysis
Version: 1.1.3

The skill bundle defines a comprehensive framework for an AI agent to perform deep industry and financial analysis. The instructions in SKILL.md guide the agent to use specific search and data tools (such as mx-search, openclaw-tavily-search, and mx-data) to populate a detailed report template covering market size, supply chains, and competitive landscapes. There is no evidence of malicious intent, data exfiltration, or unauthorized command execution; the instructions are strictly aligned with the stated purpose of providing investment research assistance.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may trigger web or financial-data lookups to produce the report, but the artifacts do not show account changes, local file access, or destructive operations.

Why it was flagged

The skill explicitly instructs the agent to call external search and market-data tools. This is expected for current industry analysis, but it means user prompts and research topics may be processed by those providers.

Skill content
Required tools (P0 priority)... mx-search ... openclaw-tavily-search ... Auxiliary tools ... mx-data ... mx-xuangu
Recommendation

Use it for non-sensitive industry research queries and verify important investment data against primary sources.

What this means

A user may have minor uncertainty about which documented version they are installing or reviewing.

Why it was flagged

The reviewed artifacts show inconsistent version numbers across the registry, skill file, and package metadata. With no code present this is not a strong security concern, but it makes exact release provenance less clear.

Skill content
Registry metadata: Version: 1.1.3; SKILL.md: version: "1.1.2"; package.json: "version": "1.1.0"
Recommendation

Publisher should align registry, SKILL.md, package.json, README, and _meta.json versions for clearer provenance.