Company Research (CN)
v5.0.0企业/行业研究与访谈问题生成。当用户说"研究一下XX公司"、"XX行业分析"、"帮我出访谈问题"、"尽调XX"、"XX竞争格局"时激活。支持行业竞争分析、企业基本面摸底、访谈问题清单、上市公司财务分析。不用于日常新闻、股票技术分析或投资报告(分别用 daily-news、stock-analysis、family...
⭐ 0· 43·0 current·0 all-time
by@xwz119
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (company research, interview question generation, financial and industry analysis) align with the SKILL.md workflow: signal collection, topic convergence, deep research, risk review, CIO decision and deliverables. No unrelated environment variables, binaries, or installers are requested.
Instruction Scope
Instructions are concrete and focused on research tasks (web_fetch/web_search, evidence layering, citation checking). Two items to note: (1) Phase 6 mandates writing a memory/YYYY-MM-DD.md entry (persistent archival of the study); (2) multi-role mode launches an independent sub-agent via sessions_spawn that receives the full report + risk-review prompt. Both are coherent for the purpose but broaden the scope of data handled and create additional data-sharing/transmission steps that the user should be aware of.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk model: nothing is downloaded or written by an installer.
Credentials
The skill declares no required env vars or credentials, which is consistent. However the SKILL.md references using tools/connectors (web_fetch, feishu_doc, memory write, sub-agent runtime). Those will use whatever platform connectors/credentials are available; the skill itself does not request extra secrets but will attempt to use external endpoints if the agent has connectors enabled.
Persistence & Privilege
always:false and it doesn't request system-wide privileges or modify other skills. It does, however, require persisting a summary into agent memory and can write to Feishu if asked — this creates persistent artifacts and cross-service transmission. The skill also spawns independent sub-agents for risk review when multi-role mode is enabled, increasing the blast radius of any sensitive content included.
Assessment
This skill appears coherent for investor/company research, but take these precautions before installing/using it: 1) Be aware it mandates writing a summary into agent memory (memory/YYYY-MM-DD.md). If you expect sensitive or non-public material in a session, avoid enabling the skill's automatic archive or redact sensitive details before confirming write. 2) The multi-role flow spawns a sub-agent and passes the full report into it — treat that as an extra human/agent reader and avoid including secrets or private documents you don't want propagated. 3) If you ever ask it to 'write to Feishu' or similar, the skill will use the agent's connector; ensure you only allow connectors you trust and confirm before sending data to external services. 4) The skill relies on web_fetch/web_search for citations — verify key sources yourself (the workflow includes citation checks but you should spot-check critical URLs). 5) If you need guaranteed non-persistent or offline behavior, request an option to disable the memory-archiving step and sub-agent spawning; lack of that option is the main privacy/usability downside. Overall the skill is internally consistent with its stated purpose, but review connector/memory policies and avoid feeding private credentials or non-public files into the session.Like a lobster shell, security has layers — review code before you run it.
latestvk973cs9qk2yt9far3rmwez1nd58450kz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.