Company Profiling
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: company-profiling Version: 1.0.3 The skill is designed for pharmaceutical industry analysis and company profiling using PatSnap's LifeScience MCP services. It provides structured workflows for analyzing R&D pipelines, patents, and financial history. The instructions in SKILL.md include a legitimate setup guide for connecting external MCP servers (e.g., connect.patsnap.com) and a functional connectivity check to ensure tools are active before processing queries. There are no indicators of data exfiltration, malicious execution, or harmful prompt injection; the behavior is entirely consistent with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the API key may be able to use the user's PatSnap API access, quota, or account permissions.
The skill requires a PatSnap API key and uses it to configure the remote MCP server. This is expected for the integration, but it is still a sensitive credential.
Log in to https://open.patsnap.com, go to **API Keys**, and create a new key... "https://connect.patsnap.com/096456/logic-mcp?apiKey=YOUR_API_KEY"
Use a dedicated or least-privilege PatSnap API key if available, do not share the configured URL, and rotate or revoke the key if it may have been exposed.
Company names, analysis requests, and tool parameters may be sent to the configured PatSnap MCP service during use.
The skill connects Claude Code to an external MCP server. This is disclosed and aligned with the skill's purpose, but it creates a data boundary with a third-party service.
claude mcp add --transport http pharma_intelligence "https://connect.patsnap.com/096456/logic-mcp?apiKey=sk-xxxxxxxxxxxx"
Verify the endpoint and provider before adding it, and avoid submitting confidential information unless PatSnap's terms and your organization's policies permit it.
Using the skill may consume PatSnap API quota and make additional MCP calls before or during an answer.
The instructions require provider tool calls for connectivity and may fetch all returned IDs up to a bounded threshold. This is relevant to the skill, but it can increase API usage and retrieve broader provider data than a minimal answer might require.
Before processing any user query after this skill loads, the following connectivity check MUST be performed... If _search tool returns no more than 100 results... ALWAYS call _fetch tool with whole search result IDs
Monitor API usage and ask for narrower analysis when needed; disconnect the MCP server if you no longer want the skill to use the provider.