Market Gap Analysis
v1.0.0Identify underserved market gaps and unmet customer needs in e-commerce. Analyzes competitor blind spots, review pain points, search demand without adequate...
⭐ 1· 91·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and declared capabilities align: the skill promises market-gap analysis across multiple e‑commerce platforms and does not request unrelated resources (no env vars, no binaries, no config paths). Supported platforms are plausible for the described analyses.
Instruction Scope
SKILL.md directs the agent to collect user inputs, ask a single follow-up, research, and produce structured recommendations. It does not instruct reading local files, secrets, or external endpoints beyond generic 'research'. The term 'research' is broad — it could imply web queries/scraping or use of external data sources, but the instructions themselves stay within the expected scope for this task.
Install Mechanism
No install spec is present in the registry (instruction-only), so nothing is written to disk by default. The README suggests installing via 'npx skills add ...' but that is a user-facing installation instruction in SKILL.md, not an enforced install script in the package metadata.
Credentials
The skill requires no environment variables, credentials, or config paths. That is proportionate for a tool that performs public-data research and asks users for product/context information interactively.
Persistence & Privilege
No 'always: true' flag and no requests to modify other skills or system settings. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges here.
Scan Findings in Context
[no_regex_findings] expected: The regex-based scanner found nothing to analyze because this is an instruction-only skill (no code files). That absence is expected but does not by itself prove safety.
Assessment
This skill appears coherent and low-risk: it doesn't request credentials or install code. Before installing or using it, consider: (1) If you want analysis of private store data (sales dashboards, private APIs), you'll need to provide credentials or grant access — avoid sharing secrets in chat unless you trust the skill and provider. (2) The SKILL.md mentions installing via 'npx' — only run such commands if you trust the package source (verify the npm/GitHub project). (3) 'Research' is vague; ask the assistant how it will obtain data and what sources it will use (public reviews, search volume tools, scraping). (4) If you plan to use this for sensitive business decisions, validate outputs with your own data and audits. If you want, I can list specific questions to ask the skill before granting access to any account or dataset.Like a lobster shell, security has layers — review code before you run it.
latestvk97ak79qfrqrw69190mv6jxsax83nrv9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.