Salary Market Analysis
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: salary-market-analysis Version: 2.0.0 The salary-market-analysis skill bundle is a legitimate toolset for HR professionals to perform compensation benchmarking. It includes Python scripts for data cleaning (data_cleaner.py), statistical processing (multi_source_processor.py), and document conversion (csv_to_excel.py, markdown_to_word.py). The code uses standard libraries like pandas, numpy, and openpyxl for data handling and does not exhibit any signs of malicious behavior such as data exfiltration, unauthorized network access, or persistence mechanisms. The instructions in SKILL.md and the reference documentation are well-structured and align perfectly with the stated goal of professional salary analysis.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing these dependencies may add code from external package sources and a browser runtime to the user's environment.
The skill documents user-run installs of third-party packages and an optional browser engine without a lockfile or install spec. This is purpose-aligned but still introduces normal dependency supply-chain exposure.
pip install numpy>=1.21.0 pandas>=1.3.0 openpyxl>=3.0.0 python-docx>=0.8.11 beautifulsoup4>=4.11.0 ... pip install playwright>=1.40.0; playwright install chromium
Install in a virtual environment, use trusted package indexes, consider pinning versions, and only install optional Playwright/Chromium if needed.
Automated scraping or browser extensions could interact with third-party sites in ways that violate site terms or collect more data than intended if misconfigured.
The guide describes optional automated collection from recruitment websites, including browser automation and proxy use. This fits the salary-data collection purpose, and the same guide advises robots.txt compliance, delays, and human validation, so it is a caution rather than a concern.
方案 2:Tampermonkey 用户脚本 ... 脚本自动提取数据 ... 方案 5:Playwright 自动化 ... 使用代理:避免 IP 被封
Prefer manual or reviewed collection flows, comply with site terms and robots.txt, use conservative rate limits, and do not run unreviewed automation scripts or browser extensions.