Enterprise Intro
v1.0.1企业百科生成技能 - 基于多维企业数据生成专业的企业洞察简介报告。 Use when: 用户需要生成企业信用分析报告、商业调研报告、投资尽调报告,或需要快速了解一家企业的综合信息。 NOT for: 实时股票行情查询、个人征信查询、非中国大陆企业查询、需要最新财务数据(API数据可能有滞后)。
⭐ 0· 112·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description: enterprise/company-profile generation for China; declared ENV vars: CHINADAAS_UID, CHINADAAS_KEY, CHINADAAS_BASE_URL — these directly map to the API authentication and endpoint described in SKILL.md. The large set of scripts corresponds to the multi-dimensional data the description promises, so the requirements are proportionate.
Instruction Scope
SKILL.md and the scripts instruct the agent to send enterprise names and related query parameters to the provider specified by CHINADAAS_BASE_URL and to format results into Markdown templates. The SKILL.md explicitly warns that queries are transmitted to the third‑party API. There is no instruction to read unrelated system files or to exfiltrate environment variables beyond the CHINADAAS_* trio. Note: the skill exposes convenience entrypoints like fetch_all/fetch_multiple which can trigger many API calls for bulk queries — consider this when supplying large lists (it will transmit each queried name to the external API).
Install Mechanism
No install spec (instruction-only) is provided; code files are bundled but no remote downloads/executables are fetched by an installer. Risk is low from install perspective, though the code requires a Python runtime and typical libraries (requests). The skill will execute local Python code when invoked by the agent.
Credentials
Only three environment variables are required (UID, KEY, BASE_URL) and the SKILL.md documents they are API creds for the stated provider. These names and the declared primary credential (CHINADAAS_KEY) match the service purpose. No unrelated secrets or system config paths are requested.
Persistence & Privilege
always is false (default) and the skill does not request persistent or platform-wide privileges. It does not modify other skills or request elevated system configuration. Normal autonomous invocation is allowed (disable-model-invocation: false) but this is the platform default and not flagged on its own.
Scan Findings in Context
[no_findings] expected: Static pre-scan reported no injection signals. Given the skill is a straightforward API client + formatter, lack of regex findings is expected. The source files include many API call sites (call_api / requests) which are consistent with purpose.
Assessment
This skill appears to do what it claims: it sends queried company names to the CHINADAAS API (provider referenced as qibook.com) and formats returned data into reports. Before installing or enabling it:
- Only set CHINADAAS_UID / CHINADAAS_KEY / CHINADAAS_BASE_URL for a provider you trust; these are API credentials and will be sent in requests.
- Verify CHINADAAS_BASE_URL actually points to the expected provider domain (e.g., qibook.com) — otherwise queries (and any company names you submit) could go to a different server.
- Be cautious with bulk operations (fetch_all or passing many names): each name will be transmitted to the external API and may produce many outbound requests.
- Review and run the code in a controlled environment (sandbox) if you need to audit behavior; the package will execute Python code and uses the requests library (ensure your runtime has the expected dependencies).
- Do not use this skill to query sensitive or confidential company data; SKILL.md already warns against transmitting sensitive information.
If you want higher assurance, ask the publisher for the official API docs/endpoint and a signed release or run the bundled scripts locally against a test account to observe network calls and responses.Like a lobster shell, security has layers — review code before you run it.
latestvk9747ad9s7krzga19kxt0fxg1s8328tb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📊 Clawdis
EnvCHINADAAS_UID, CHINADAAS_KEY, CHINADAAS_BASE_URL
Primary envCHINADAAS_KEY