Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cipher — Market Intelligence

v1.0.0

Market intelligence analyst — competitive analysis, pricing research, market sizing, trend reports. Every claim data-backed and sourced. Use when you need ma...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals: Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the provided instruction content (market sizing, pricing, trend reports). However the SKILL.md references an external agent fleet (AEA Arena) and a hiring CLI (mltl) and payment in ETH that are not documented elsewhere; it's unclear how the skill performs sourcing or billing without additional tools or credentials.
Instruction Scope
Instructions are high-level templates for outputs and include the CLI example `mltl hire --agent 44231 --task "your research request"`. The skill does not declare that `mltl` is required, nor does it explain how sources are gathered, how paid hires are executed, or whether browsing/paywalled APIs are used. The instructions are vague about external endpoints and operational steps, giving the agent broad discretion and relying on undeclared external dependencies.
Install Mechanism
There is no install spec and no code files; that minimizes on-disk risk. Nothing will be written to disk by the skill itself. However, the SKILL.md's CLI implies external installation may be necessary — that external install is not provided by this package.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to an instruction-only research template. Be aware that actually using the referenced `mltl` hire flow or an AEA Arena Broker likely requires separate credentials or wallet access that are not declared here.
Persistence & Privilege
The skill does not request always-on presence and has default model-invocation settings. There is no indication it modifies other skills or system config.
What to consider before installing
This SKILL.md is an instruction-only market-research template with no code, no declared dependencies, and no credentials — which limits direct risk. However:
1) It references an external CLI (`mltl hire`) and ETH payments but doesn't declare that CLI or any payment mechanism; running that command would require you to install and trust a separate tool and likely to provide a crypto wallet.
2) The skill is vague about how sources are gathered (web scraping, paid data, APIs), so you should not assume it will autonomously fetch proprietary or paywalled data without extra setup.
3) If you plan to use it, verify the legitimacy of AEA Arena / mltl broker, understand payment flow and required credentials, and avoid pasting private keys or secrets into prompts.
If you want a safer, self-contained research assistant, prefer skills that declare their data sources, required binaries, and any payment/credential needs explicitly.
