salary-market-analysis
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: skill-salary-market-analysis Version: 3.0.0 The skill bundle is a comprehensive and legitimate toolset for salary market analysis and compensation benchmarking. The included Python scripts (e.g., multi_source_processor.py, currency_converter.py) perform data cleaning, statistical analysis, and format conversion (CSV to Excel/Word) using standard libraries like pandas and openpyxl. There is no evidence of malicious intent, data exfiltration, or unauthorized execution; all logic is transparently aligned with the stated purpose of processing HR data and generating professional reports.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing these dependencies runs and trusts third-party package code on the user's machine.
The skill asks the user to install third-party Python packages and optionally a browser runtime. This is consistent with data processing and optional automation, but it expands the local software supply chain.
pip install numpy>=1.21.0 pandas>=1.3.0 openpyxl>=3.0.0 python-docx>=0.8.11 beautifulsoup4>=4.11.0 # 可选:Playwright 自动化 pip install playwright>=1.40.0 playwright install chromium
Install in a virtual environment, use trusted package indexes, and consider pinning versions if using this in a controlled business workflow.
Automated collection can interact with third-party websites in ways that may violate site terms or trigger blocking if misused.
The documentation describes optional browser automation for collecting data from recruiting sites, including proxy use. It also tells users to obey robots.txt and control request frequency, so this is a usage caution rather than evidence of hidden or malicious behavior.
方案 5:Playwright 自动化 ⭐ 高效 ... python3 scripts/auto_collector.py --config config.json ... 使用代理:避免 IP 被封
Use manual collection or approved APIs where possible, keep automation slow and transparent, and confirm the legality and terms-of-service compliance for each data source.