Due Diligence Analyst
v1.0.0AI-Powered Due Diligence Analysis - Automated comprehensive DD across financial, legal, business, and team dimensions for investment decisions
⭐ 0· 290·2 current·2 all-time
byJustin Liu@zhenstaff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (due diligence analyst) align with the code and SKILL.md: agents for company analysis and report generation, LLM-driven outputs, and planned integrations. Declared dependencies (zod, date-fns) and Node runtime are reasonable for this functionality.
Instruction Scope
Runtime instructions and code consistently use the provided LLM (context.llm.chat/Claude) and public/user-provided data to produce analysis. Note: using the LLM means user queries and supplied company data are sent to the LLM provider—avoid submitting confidential/PII unless you accept that provider's data handling. SKILL.md and code do not attempt to read local config files or unrelated system paths.
Install Mechanism
No install spec is provided (instruction-only deployment on platform), so nothing is automatically downloaded or executed. The published package contains dist JS files and a package.json; package.json defines a 'setup' script (bash scripts/setup-due-diligence.sh) but the repository manifest here lacks that scripts file. This is a cautionary note for anyone cloning and running npm scripts locally—inspect any setup script before running it.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. That is proportional to its current LLM-based, public-data-only MVP design. Future planned integrations (Qichacha/Tianyancha, financial/legal DBs) would legitimately require API keys—expect future versions to request those.
Persistence & Privilege
Flags show always:false and normal autonomous invocation allowed. The skill does not request permanent system-wide privileges or attempt to modify other skills or agent configs in the provided code.
Assessment
This skill appears internally consistent for an LLM-driven due-diligence helper, but keep these practical precautions: 1) Do not submit confidential or sensitive company documents/personally-identifiable data—user inputs and prompts are sent to the LLM provider (Claude) and may be logged according to that provider's policy. 2) If you clone and build locally, inspect any scripts (e.g., scripts/setup-due-diligence.sh referenced in package.json) before running npm/pnpm scripts. 3) Future versions plan to integrate third-party corporate data APIs—those will require API keys and you should only provide those if you trust the skill author and have reviewed access scopes. 4) Remember the outputs are advisory only; verify critical facts via official sources. If you want higher assurance, ask the maintainer for a signed release or audit of the setup script and a clear data-handling/privacy statement for LLM usage.Like a lobster shell, security has layers — review code before you run it.
latestvk977k24wgna13ekzbewz4mbmsx82bdv3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.