Stainless Competitor Intel

Security checks across malware telemetry and agentic risk

Overview

This instruction-only competitor-intelligence skill is mostly coherent, but it explicitly encourages deceptive information-gathering methods such as pretending to be a customer.

Install only if you will use it within clear legal and ethical boundaries. Keep the work limited to public or authorized sources, do not let an agent pretend to be a customer or solicit confidential information, and require citations and human review before acting on any competitor claims.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

The agent may advise or help conduct deceptive competitor research, which could expose the user or organization to complaints, contract issues, or compliance problems.

Why it was flagged

The skill explicitly includes obtaining information through suppliers/customers and pretending to be a customer, which can mislead third parties and create legal, ethical, or reputational risk.

Skill content
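- **Suppliers**: information disclosed by shared suppliers
- **Customers**: customer feedback about competitors' products
- **Price inquiries**: pose as a customer to request quotes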
Recommendation

Restrict the skill to lawful public or authorized sources, remove pretexting instructions, require human approval for outreach, and document compliance boundaries.

ASI02: Tool Misuse and Exploitation
Low
What this means

Using third-party data sources may incur costs, rate limits, or terms-of-service obligations.

Why it was flagged

The skill expects use of external business-data providers and industry sources. This is aligned with competitor analysis, but users should ensure access is authorized and complies with provider terms.

Skill content
- **Business registration data**: 极速数据 API/企查查/天眼查
- **Industry websites**: 我的钢铁网/上海有色网/stainless steel association
Recommendation

Use official APIs or permitted access methods, cite sources, and avoid scraping or querying services in ways that violate terms.

ASI06: Memory and Context Poisoning
Low
What this means

Reports could contain inaccurate, sensitive, or reputationally risky claims about competitors or customers.

Why it was flagged

The skill may synthesize informal or unverified human feedback into competitor profiles and SWOT reports, which could be over-trusted if sources and confidence are not tracked.

Skill content
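- **Customer reviews**: reputation/satisfaction
- **Customers**: customer feedback about competitors' products
- **Industry contacts**: exchanges with peers in the industry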
Recommendation

Require citations, confidence labels, source dates, and verification before using the output for business decisions.

ASI10: Rogue Agents
Low
What this means

If implemented later, recurring monitoring could continue collecting and sending business intelligence unless the schedule and recipients are controlled.

Why it was flagged

The documentation contemplates recurring monitoring and push alerts. No background runner or persistence is included, so this is a notice rather than evidence of autonomous execution.

Skill content
await collector.monitorCompetitors({
  监控列表:["公司 A", "公司 B"],
  监控频率:"weekly",
  推送渠道:"feishu"
});
Recommendation

Make monitoring explicitly opt-in, show configured targets and recipients, and provide a clear way to pause or delete scheduled alerts.