ClawHub

Competitor Spy

v1.0.0

Analyze a website or business to extract tech stack, pricing, features, SEO data, social proof, and generate a competitive intelligence report.

0· 188·1 current·1 all-time
by@michael-laffin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the instructions: fetching public pages, extracting tech, pricing, SEO, and producing reports. No unrelated binaries, env vars, or installs are requested.
Instruction Scope
Runtime instructions are focused on public web scraping and analysis (web_fetch, web_search, Google cache, LinkedIn/Twitter, SimilarWeb). One noteworthy guidance suggests trying Google cache if scraping is blocked — this is a minor red flag because it explicitly recommends a means to bypass site blocks; otherwise instructions do not ask the agent to read local files, secrets, or unrelated system state.
Install Mechanism
Instruction-only skill with no install spec or packaged code. This minimizes on-disk risk — nothing is downloaded or installed by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested, which is proportionate for a tool that analyzes public web pages. The skill does suggest consulting third-party services (SimilarWeb/Alexa) but does not request API keys.
Persistence & Privilege
always is false and the skill does not request system-wide changes or persistent presence. Default autonomous invocation is allowed (platform default) but not escalated.
Assessment
This skill appears internally consistent for public competitive research: it only instructs fetching public pages and synthesizing findings and doesn't ask for credentials or install anything. Things to consider before installing: (1) the SKILL.md suggests using Google cache to access pages that block scraping — that may violate some sites' terms of service or legal restrictions, so avoid using it against targets you don't have permission to analyze; (2) the source and owner are unknown and there's no homepage—if you need provenance, ask the publisher for more info; (3) if you plan to analyze sites behind logins or use paid third-party APIs (SimilarWeb, Alexa), those will require credentials that the skill does not request now — be cautious about supplying any secrets later; (4) consider keeping this skill user-invocable only (do not grant broad autonomous scopes) to prevent large-scale automated scraping. If the package later includes code, install steps, or requests credentials, re-evaluate as those would materially change the risk profile.

Like a lobster shell, security has layers — review code before you run it.

latestvk977jnkwmzwrv9dyxavwvw66k582zzsv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments