consulting-report-search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned report-search skill that runs a bundled Python script against public iResearch and QuestMobile sources, with only minor transparency/provenance notes.

Before installing, confirm you are comfortable with a Python-based skill that sends search queries to iResearch, QuestMobile, and possibly web-search services, and be aware that the publisher source/homepage is not provided.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may run the bundled Python script, contact public report/search websites, and save outputs when used.

Why it was flagged

The skill discloses local command execution, external network/search usage, and optional file writes. These capabilities are relevant to the stated report-search purpose, but users should notice them before installation.

Skill content
- exec: Run the bundled script to fetch iResearch and QuestMobile search results and detail pages
- read: Load the skill reference file...
- write: Save search results or answer drafts when needed
- browser or web search tools: Use browser-based or available web-search capability when both primary sources fail

Recommendation

Use the skill when you are comfortable sending report queries to the named public services and review any saved files or generated drafts.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less external provenance information for the bundled script than they would with a known source or homepage.

Why it was flagged

The skill includes bundled code but has limited provenance metadata and no homepage. This is not evidence of malicious behavior, but it reduces install-time transparency.

Skill content
Source: unknown
Homepage: none
Install specifications: No install spec — this is an instruction-only skill.
Code file presence: scripts/iresearch_report_search.py

Recommendation

Prefer installing from trusted publishers or review the bundled script and references before relying on the skill.