Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
IDX CMA Report
v0.1.0Generate comparative market analysis (CMA) and home valuation reports from IDX listing data and selected comparable properties. Use when a user wants to pick...
⭐ 0· 670·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included assets: a local script (scripts/build_cma.py), input schema, valuation guidelines, and publishing checklist. The skill asks the user/agent to obtain listings via an existing IDX MCP/CLI skill — this dependency is coherent for IDX-based CMAs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions stay within the CMA workflow: collect subject and comps (via IDX MCP/CLI), normalize to the provided schema, run the local Python script to produce report, and manually publish to Google AI Studio/Gemini Canvas by pasting the generated prompt and attaching cma_data.json. One minor oddity: the gemini prompt embedded in scripts/build_cma.py appears truncated in the distributed file ('…[truncated]'), which could mean the full prompt text is incomplete — that’s sloppy but not malicious. Instructions do not tell the agent to read unrelated files or to transmit data automatically to external endpoints.
Install Mechanism
There is no install spec (instruction-only skill with a bundled script). The Python script is pure standard-library code and does not attempt to download or execute external artifacts. No archive downloads, package installs, or third‑party registries are used.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. Note: the workflow expects an external IDX MCP/CLI skill to fetch listings — that other skill may require MLS/IDX credentials, which is reasonable and external to this package.
Persistence & Privilege
The skill does not request persistent presence (always:false) and contains no code to modify agent/system configurations. Autonomous invocation is allowed by platform default but the skill itself does not request elevated or persistent privileges.
Assessment
This package appears to be a straightforward, local CMA generator, but please consider the following before use: 1) Inspect the included scripts/build_cma.py locally and run on sample data in a safe environment — it is pure Python and uses only the standard library, but you should still review code before execution. 2) The skill expects you to use an existing IDX MCP/CLI to fetch listings; that tool will likely require MLS/IDX credentials — verify you trust that tool and comply with MLS/IDX data-sharing rules. 3) The generated Gemini/AI Studio prompt may contain property data; when you paste data into Google AI Studio/Gemini Canvas you are intentionally sharing that data with Google — ensure you have permission to share client/MLS data. 4) Note the gemini prompt in the script appears truncated; confirm the prompt text is complete for your publishing needs. 5) Always validate automated valuations before presenting to clients (the skill itself includes disclaimers). If you want extra assurance, run the script in an isolated environment and test the outputs against known examples.Like a lobster shell, security has layers — review code before you run it.
cmavk9701epy0yy0d4qnwh9y9yjdeh81a2xeidxvk9701epy0yy0d4qnwh9y9yjdeh81a2xelatestvk9701epy0yy0d4qnwh9y9yjdeh81a2xereal-estatevk9701epy0yy0d4qnwh9y9yjdeh81a2xe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.