Competitor Teardown
Result: Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: competitor-teardown
Version: 0.1.5
The skill bundle is classified as suspicious due to several high-risk capabilities and potential prompt injection vulnerabilities. The `SKILL.md` file contains instructions for the user to execute `curl -fsSL https://cli.inference.sh | sh` and `npx skills add ...` commands. While intended for user setup, these commands download and execute remote scripts/packages and fall outside the `allowed-tools: Bash(infsh *)` directive, indicating a potential prompt injection bypass vulnerability if an AI agent were to execute them. Additionally, the skill explicitly uses `infsh app run infsh/python-executor`, which allows arbitrary Python code execution. Although the provided Python code is benign, this tool represents a significant remote code execution vulnerability if an attacker can inject malicious Python code into its `code` argument via prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill's recommended CLI gives code from an external domain access to run during setup.
The skill tells the user to install a third-party CLI by piping a remote script to the shell. This is disclosed and user-directed, but it is still an external installer path users should verify.
curl -fsSL https://cli.inference.sh | sh && infsh login
Use the manual install and checksum verification path if possible, and only install the CLI if you trust inference.sh.
An agent using the skill could run infsh commands beyond the specific examples, depending on what the infsh CLI supports.
The skill permits Bash use of any `infsh` command, while the examples focus on specific research apps. The broad wildcard is purpose-aligned but less tightly scoped than the documented workflows.
allowed-tools: Bash(infsh *)
Review infsh commands before approving them, especially anything outside search, extraction, or screenshot workflows.
The skill may operate under the user's inference.sh account or session when running research commands.
The skill expects login to the inference.sh CLI, even though registry metadata declares no primary credential. This appears necessary for the external service but should be visible to users.
infsh login
Log in with the intended account only, and understand what permissions and billing may apply to infsh app runs.
Competitor names, target URLs, and potentially sensitive business research questions may be sent to external services.
The skill sends queries, URLs, and browsing tasks to third-party or hosted apps through the infsh CLI. This is central to the competitive-research purpose, but it creates an external data boundary.
infsh app run tavily/search-assistant --input ...; infsh app run exa/search --input ...; infsh app run infsh/agent-browser --input ...
Avoid including confidential product strategy, private customer data, or nonpublic business information in prompts sent through these provider apps.
