Competitor Monitoring
v1.0.0Track competitors with pricing alerts, feature changes, positioning analysis, and strategic dossiers.
⭐ 0· 1k·1 current·2 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (competitor monitoring, alerts, dossiers) matches the instructions: storing dossiers under ~/competitor-monitoring, scanning pricing pages, changelogs, jobs, news, etc. The skill declares no binaries, env vars, or installs which is proportional for an instruction-only monitoring helper.
Instruction Scope
Instructions require the agent to read and write files in the user's home directory and to "scan" external sources (pricing pages, changelogs, LinkedIn, Crunchbase, social). The SKILL.md does not specify how to fetch those sources (scraping vs. API), nor does it set limits (rate limiting, authentication, legality). The Security & Privacy section appears truncated in the provided copy, so the guidance about external communications and sharing is incomplete.
Install Mechanism
No install spec and no code files — lowest install risk. The skill is instruction-only so nothing will be written to disk by an installer beyond whatever the agent itself does at runtime (its dossiers and memory files).
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportional for a public web-monitoring, note-taking assistant. It does mention LinkedIn/Crunchbase which sometimes require APIs or creds, but the skill does not request them, so any credential needs would be solicited at runtime (not predeclared).
Persistence & Privilege
The skill will create and persist files under ~/competitor-monitoring and instructs the agent to "update dossiers proactively" after research or mention. It does not set always:true, but agent autonomous invocation is allowed by default; combined with proactive update rules this gives the agent discretion to fetch and write data without explicit user prompts. This is expected for a monitoring skill but merits user controls (activation cadence, opt-in for proactive crawling).
Assessment
This skill appears to do what it claims: build and maintain competitor dossiers stored in ~/competitor-monitoring and surface alerts. Before installing, confirm these operational points: 1) Where and how will the agent fetch web data? (scraping vs official APIs), and who controls rate limits and credentials for sites like LinkedIn/Crunchbase. 2) Proactive behavior: the skill asks the agent to update dossiers proactively — decide whether you want autonomous periodic checks and set frequency/thresholds. 3) Data locality and retention: verify exactly what is written to ~/competitor-monitoring and whether any data is sent externally; the Security & Privacy section in the provided SKILL.md is truncated, so ask the author to clarify that all sensitive data stays local unless you opt in. 4) Legal/terms-of-service: scraping some sites can violate terms; confirm acceptable collection methods. If you need stricter controls, request an explicit toggle for proactive monitoring, logging of external requests, and a list of allowed domains/APIs.Like a lobster shell, security has layers — review code before you run it.
latestvk9721f4r932np70d93nvx1zva581m6rd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
OSLinux · macOS · Windows