Jumia Opportunity Finder
v1.0.0Jumia marketplace opportunity finder and profitable niche analyzer for African markets. Identify profitable niches, analyze competition, calculate margins, a...
⭐ 0· 75·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Jumia marketplace opportunity finder) matches the SKILL.md content: market analyses, scoring frameworks, margin templates and user prompts for product, country, competitor listings and cost structure. The skill does not request unrelated credentials or system access.
Instruction Scope
SKILL.md is instruction-only and asks the agent to run/from a hypothetical 'jumia' CLI (commands shown) and to request user-provided competitor listings, costs and budget. Because this is instruction text (no shipped code), the actual behavior depends on the agent runtime and allowed tools. The file lists allowed-tools: Bash, which could enable shell execution if the agent is granted that tool — the instructions themselves do not request secrets or system files, but running arbitrary shell commands would be a capability to restrict at runtime. Also note the displayed CLI appears to be a placeholder; there is no install spec or binary declared.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md does not instruct the agent to read environment variables or system config. This is proportionate to a market-analysis/instruction-only skill.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills. Autonomous invocation is allowed by platform default but there are no added privileges requested by this skill.
Assessment
This skill is instruction-only and coherent with its description, but a few practical cautions: 1) The SKILL.md shows a hypothetical 'jumia' CLI — confirm whether your agent runtime actually has such a tool before relying on those commands. 2) The file allows use of Bash; avoid granting the agent shell execution permission unless you trust it, because Bash access can run arbitrary system commands. 3) Do not paste sensitive data (API keys, bank details, or supplier credentials) into the conversation when providing 'competitor data' or cost info. 4) If you want to use this skill, verify the linked GitHub repository for implementation details and test the skill in a sandboxed environment first. 5) Revoke or limit agent/tool permissions if the skill asks for unexpected credentials or to access files outside the intended scope.Like a lobster shell, security has layers — review code before you run it.
latestvk97d43d4p6ncejcgrt338h902n83ht2b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.