ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

super-market-research

v1.0.0

Research markets with sizing, segmentation, competitor mapping, pricing checks, and demand validation that turn fuzzy ideas into decision-ready evidence. Use...

0· 37·0 current·0 all-time
by@subaru0573
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included guidance files (competitor-analysis.md, validation.md, evidence-grading.md). No binaries, env vars, or config paths are requested — all are appropriate for a purely instructional market-research skill.
Instruction Scope
SKILL.md directs the agent to use the bundled research frameworks and public data sources (e.g., filings, review sites, job posts, search trends) and explicitly disallows unethical techniques. The instructions do not tell the agent to read system files, environment variables, or send data to hidden endpoints.
Install Mechanism
There is no install spec and no code to run; this is instruction-only so nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance references public services (LinkedIn, G2, Crunchbase) which do not imply need for secrets in the skill itself.
Persistence & Privilege
always:false (default) and disable-model-invocation:false (normal). The skill does not request persistent system privileges or modification of other skills' configs.
Assessment
This skill appears coherent and safe from a capability-alignment perspective: it is an instruction-only market research guide that asks for nothing sensitive and installs nothing. Before installing, you may want to: (1) confirm the publisher/homepage and whether the owner IDs and version numbers are intentional (SKILL.md shows version 1.0.1 while the registry metadata lists 1.0.0, and _meta.json ownerId differs from the registry ownerId); (2) review the small stray phrase of gibberish in the description (likely editorial noise) to ensure no tampering; (3) be mindful that following the guidance may involve querying third-party sites (respect their terms of service and avoid scraping behind paywalls); and (4) only allow autonomous invocation if you trust agents to run general-purpose research tasks (autonomy is platform-default and not itself a red flag). If you want higher assurance, ask the publisher for a signed manifest or a clear author attribution to resolve the metadata mismatches.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bxcb0ftepe73kp3c26esnb5843kfm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
OSLinux · macOS · Windows

Comments