ClawHub

Competitor Watchtower

v1.0.0

Build a lightweight competitor monitoring brief across DTC sites, marketplaces, social channels, and promo surfaces. Use when a team needs pricing or promo s...

0· 45·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (competitor monitoring brief) matches the implementation: handler.py parses user input and produces a markdown brief. There are no unexpected requirements (no cloud credentials, no scraping tools, no unrelated binaries).
Instruction Scope
SKILL.md explicitly states it does not perform live scraping and relies on user-supplied notes. The runtime code adheres to that: all logic is local text matching and rendering; no instructions reference reading arbitrary system files, environment secrets, or contacting external endpoints.
Install Mechanism
No install spec is provided (instruction-only install), and the included Python code does not download or execute remote artifacts. Nothing in the files writes or extracts archives from external URLs.
Credentials
The skill declares no required environment variables, no primary credential, and the code does not access os.environ or other secret/config paths. Tests briefly manipulate sys.path for import convenience (expected in local tests) but do not expose credentials.
Persistence & Privilege
always is false and the skill does not modify other skills or agent configs. disable-model-invocation is false (normal platform default) but combined with the skill's limited scope presents low risk.
Assessment
This skill appears safe and coherent for its stated purpose. Before installing, review (a) that you will only provide non-sensitive competitor notes (do not paste secrets or internal credentials), and (b) any future updates to the skill for added network calls or credential requests. If you plan to use this in an automated agent workflow, remember the agent can call the skill autonomously by default — acceptable here given the skill's local-only behavior, but review logs/outputs in case sensitive business data is included in inputs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ak0pdkk882gdddr72yqxqtd84vv25

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments