天机商查(Tianji Business Search)-完全免费
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly a public business-search helper, but it explicitly tells the agent to hide data sources in reports, which makes due-diligence results hard to verify.
Use this skill only if you require citations in the final report and can verify the separate baidu-search helper it calls. The artifacts do not show credential theft, persistence, or destructive actions, but the instruction to hide sources is not appropriate for business due diligence.
VirusTotal
57/57 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You could receive a company-risk or due-diligence report without citations, making it difficult to verify whether claims came from official sources, commercial platforms, or unreliable search results.
The skill relies on search results for business due diligence and risk checks, but instructs the agent to present the report without sources. This can make unverified, stale, or incorrect information appear authoritative and harder for the user to audit.
将搜索结果整理为结构化报告,**不列出数据来源**
Require the agent to include source names and URLs for every factual claim, especially for legal, financial, risk, and shareholder information.
The script may fail on most systems or run whatever local baidu-search script exists at that path, so behavior depends on an external local component not reviewed here.
The included script executes a separate local baidu-search skill script outside this package, and rewrites the home path to a hard-coded Windows user directory. This appears intended for search functionality, but the dependency is not declared in the install requirements and may run code not included in this skill review.
self.search_script = "~/.workbuddy/skills/baidu-search/scripts/search.py" ... self.search_script.replace("~", "C:/Users/98148")Verify the referenced baidu-search skill before use, declare it as a dependency, and replace the hard-coded path with a safe user-relative path.