China company search fengniao

Security checks across malware telemetry and agentic risk

Overview

This skill's behavior is coherent with its stated purpose: it queries Riskbird for Chinese company and business-risk information, with only the expected third-party API and credential-use considerations.

Before installing, be aware that company names and related lookup parameters are sent to Riskbird, and any private FN_API_KEY you configure will be used for those API calls. The package code is simple and purpose-aligned, but the registry does not provide an upstream source or homepage for provenance verification.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

If you provide your own API key, it will be used for Riskbird requests and may be visible in provider-side URL logs.

Why it was flagged

The skill uses a Riskbird API credential and sends it as a URL query parameter. This is disclosed and purpose-aligned, but users who configure a private FN_API_KEY should understand it is transmitted to the provider.

Skill content
url.searchParams.set("apikey", apiKey); ... const res = await fetch(url.toString(), options);
Recommendation

Use a private key only if you trust the Riskbird service and this skill package; avoid entering unrelated sensitive information in company search queries.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

You have less external provenance information to verify who maintains the skill or where updates come from.

Why it was flagged

The registry metadata does not provide an upstream source or homepage for independent provenance checks, although the package includes its code and has no install script.

Skill content
Source: unknown; Homepage: none
Recommendation

Review the included files before installation and verify the publisher if provenance matters for your use case.