US Market Policy Query Skill

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a demo/mock policy-query skill, but it may expose API-key-style data source values and overstates its live AI analysis capabilities.

Install only if you understand this appears to be a demo/mock package. Avoid entering real API keys until credential handling is fixed, verify the package source, and confirm policy outputs against official sources.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

API keys or sensitive data-source strings may appear in generated responses, logs, or downstream agent context.

Why it was flagged

The implementation copies the configured dataSource value into policy objects and top-level results. README examples configure dataSources from API-key environment variables, so a key used as a data source could be exposed in output or cached in memory.

Skill content

const dataSource = this.config.dataSources[category]; ... dataSource, ... return { ... dataSource, language: this.config.language }

Recommendation

Do not put raw API keys in dataSources until this is fixed; credentials should be separated from endpoint names, masked in outputs, and declared explicitly in metadata.

What this means

Users may rely on placeholder or mock policy information as if it were fresh AI-backed market analysis, which could affect business or investment decisions.

Why it was flagged

The README presents the skill as live DeepSeek-backed policy analysis, while the included implementation has no DeepSeek/Huimai dependency or network/API calls and labels data retrieval as simulated.

Skill content

- Based on the latest DeepSeek v4 AI model
- Intelligent policy analysis and trend prediction
- **Data agent layer**: real-time collection of US policy data

Recommendation

Treat outputs as demo data unless the maintainer supplies working data-source/model integration and clearly documents limitations.

What this means

A user could accidentally install a different package or an unverified source if they follow the documentation without checking identity.

Why it was flagged

The documented install/package name differs from the evaluated registry slug `usa-market-policy-2026`, and the registry source/homepage are unknown. No malicious install behavior is shown, but provenance is unclear.

Skill content

clawhub install usa-policy-query

# Or install manually
npm install usa-policy-query

Recommendation

Verify the package name, publisher, and source repository before installing or entering credentials.