40Medium
The skill recommends installing and updating unverified software via
Behavior Analysis
Mismatch detected — The stated purpose implies the skill actively 'researches markets' and 'turns fuzzy ideas into decision-ready evidence.' However, the actual content reveals it functions as a comprehensive guide and framework for *how* a user should conduct market research, rather than performing the research itself by accessing external data or running analysis tools by default.
Claims to do
When to Use: Use this skill when the user needs market evidence, not just opinions. It should activate for market sizing, opportunity validation, competitor landscape work, segment selection, pricing research, whitespace mapping, and expansion decisions.
Actually does
This skill provides structured guidance, frameworks, and best practices for conducting market research, covering market sizing, segmentation, competitor mapping, and demand validation. It references internal markdown files (`competitor-analysis.md`, `validation.md`, `evidence-grading.md`) for detailed methodologies. It explicitly states it does not make hidden outbound requests but implies it can perform live web research if explicitly requested by the user for current data.
Skill Info
Nameivangdavila/market-research
Registryclawhub
Version1.0.1
PURLpkg:clawhub/ivangdavila/market-research@1.0.1
Stars72
Downloads16,898
Installs189
Source
SHA-2569cb0edb3c0d1...
SHA-1425031027140...
MD54fe89b4f5602...
TLSH6fe1ea47b63c...
ssdeep96:RT9MqDvXl...
Size7,368 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
ClawHubDocs
openclaw skills install ivangdavila/market-researchAssessments (2)
AI Agent Traps ↗Potential for unauthorized skill installationmediumsupply chain
The skill recommends installing other skills using `clawhub install <slug>`. While it includes a 'if user confirms' safeguard, an autonomous agent could potentially bypass this, leading to the installation of unverified or malicious skills, expanding the attack surface.
80% confidenceline 163
Install with `clawhub install <slug>` if user confirms:
Supply chain risk via skill updatesmediumsupply chain
The skill suggests running `clawhub sync` to stay updated. This command could trigger updates for the current skill or other installed components. If the `clawhub` update source is compromised, this could introduce malicious code or unwanted changes.
80% confidenceline 173
Stay updated: `clawhub sync`
Description Mismatchmediumdescription mismatch
The stated purpose implies the skill actively 'researches markets' and 'turns fuzzy ideas into decision-ready evidence.' However, the actual content reveals it functions as a comprehensive guide and framework for *how* a user should conduct market research, rather than performing the research itself by accessing external data or running analysis tools by default.
85% confidence
Stated purpose: 'Research markets with sizing... that turn fuzzy ideas into decision-ready evidence.' Actual behavior: The skill content is entirely instructional, providing rules, modes, and briefs. The 'Security & Privacy' section states it 'does NOT: ... make hidden outbound requests' and 'Live web research is appropriate only when the task requires current market data or the user asks for external evidence.'
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/market-research)HTML
<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/market-research"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/market-research.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/market-research.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow