Salary Market Analysis
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing these dependencies may add code from external package sources and a browser runtime to the user's environment.
The skill documents user-run installs of third-party packages and an optional browser engine without a lockfile or install spec. This is purpose-aligned but still introduces normal dependency supply-chain exposure.
pip install numpy>=1.21.0 pandas>=1.3.0 openpyxl>=3.0.0 python-docx>=0.8.11 beautifulsoup4>=4.11.0 ... pip install playwright>=1.40.0; playwright install chromium
Install in a virtual environment, use trusted package indexes, consider pinning versions, and only install optional Playwright/Chromium if needed.
Automated scraping or browser extensions could interact with third-party sites in ways that violate site terms or collect more data than intended if misconfigured.
The guide describes optional automated collection from recruitment websites, including browser automation and proxy use. This fits the salary-data collection purpose, and the same guide advises robots.txt compliance, delays, and human validation, so it is a caution rather than a concern.
方案 2:Tampermonkey 用户脚本 ... 脚本自动提取数据 ... 方案 5:Playwright 自动化 ... 使用代理:避免 IP 被封
Prefer manual or reviewed collection flows, comply with site terms and robots.txt, use conservative rate limits, and do not run unreviewed automation scripts or browser extensions.