Research Company

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill’s behavior matches its stated purpose of researching companies and generating a PDF, with only disclosed, purpose-aligned notes around web-sourced content, an unpinned package install, and local PDF-generation code.

This appears safe to use for its stated purpose. Before installing, expect it to use web/search tools, possibly install the ReportLab Python package, run the included PDF generator, and write a temporary JSON file plus the final PDF. Verify important business claims against sources and install dependencies from a trusted environment.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A company website or search result could shape what appears in the PDF, so inaccurate or manipulative source content may affect the report.

Why it was flagged

The report is built from arbitrary external websites and search results. This is the intended research workflow, but fetched pages are untrusted content that can influence the generated report.

Skill content

WebFetch: [company URL]
WebSearch: "[company name] funding news 2024"
...
Extract from website: company name, industry, HQ, founded, leadership...

Recommendation

Verify important claims and citations, and treat web page text as evidence to summarize rather than instructions to follow.

What this means

Installing packages during use can introduce dependency provenance and version-drift risk.

Why it was flagged

The skill relies on an unpinned third-party package install at use time. ReportLab is appropriate for the stated PDF-generation purpose, but it is not locked or declared in an install spec.

Skill content

# Install if needed
pip install reportlab

Recommendation

Install ReportLab from a trusted package source, preferably with a pinned version in a controlled environment.

What this means

The skill will execute a local script to create the report PDF and write files to the chosen output location.

Why it was flagged

The workflow runs included local Python code and writes temp/output files. This is disclosed and matches the PDF-generation purpose, but users should still expect local command execution.

Skill content

python3 scripts/generate_report.py /tmp/research_data.json /path/to/output/report.pdf

Recommendation

Run it from the expected skill directory, use a workspace output path, and review the generated JSON when accuracy matters.