Skill Market Analyzer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a simple local report generator with no credential or network access, but users should know it writes to the file path it is given and its report content is mostly canned.

This skill looks safe to install from a security perspective, but use it as a lightweight local report template rather than authoritative marketplace research, and choose the output filename carefully so it does not overwrite something important.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Low
What this means

A user could make planning decisions based on a canned report rather than actual marketplace data.

Why it was flagged

The report content is hard-coded, while the skill is described as analyzing marketplace trends and gaps. This is not evidence of malicious behavior, but users should not over-trust the generated report as live market research.

Skill content
echo "1. Productivity" >> "$OUTPUT"
echo "2. E-commerce" >> "$OUTPUT"
echo "3. Utilities" >> "$OUTPUT"
Recommendation

Treat generated reports as a template or starting point, and verify any market conclusions against real marketplace data.

ASI02: Tool Misuse and Exploitation
Low
What this means

If invoked with the wrong output path, the script could overwrite an existing local file with the generated report.

Why it was flagged

The second argument controls the output path, and the script uses shell redirection with `>`, which overwrites the target file. This is expected for report generation, but the output path is not limited to a specific reports directory.

Skill content
OUTPUT="${2:-report.md}"

echo "# Skill Market Analysis Report" > "$OUTPUT"
Recommendation

Use a dedicated report filename or directory, and avoid passing paths to important existing files; the skill author could add overwrite checks or restrict output paths.