The skill recommends installing and updating unverified software via
Claims to do
When to Use: Use this skill when the user needs market evidence, not just opinions. It should activate for market sizing, opportunity validation, competitor landscape work, segment selection, pricing research, whitespace mapping, and expansion decisions.
Actually does
This skill provides structured guidance, frameworks, and best practices for conducting market research, covering market sizing, segmentation, competitor mapping, and demand validation. It references internal markdown files (`competitor-analysis.md`, `validation.md`, `evidence-grading.md`) for detailed methodologies. It explicitly states it does not make hidden outbound requests but implies it can perform live web research if explicitly requested by the user for current data.
openclaw skills install ivangdavila/market-researchThe skill recommends installing other skills using `clawhub install <slug>`. While it includes a 'if user confirms' safeguard, an autonomous agent could potentially bypass this, leading to the installation of unverified or malicious skills, expanding the attack surface.
Install with `clawhub install <slug>` if user confirms:
The skill suggests running `clawhub sync` to stay updated. This command could trigger updates for the current skill or other installed components. If the `clawhub` update source is compromised, this could introduce malicious code or unwanted changes.
Stay updated: `clawhub sync`
The stated purpose implies the skill actively 'researches markets' and 'turns fuzzy ideas into decision-ready evidence.' However, the actual content reveals it functions as a comprehensive guide and framework for *how* a user should conduct market research, rather than performing the research itself by accessing external data or running analysis tools by default.
Stated purpose: 'Research markets with sizing... that turn fuzzy ideas into decision-ready evidence.' Actual behavior: The skill content is entirely instructional, providing rules, modes, and briefs. The 'Security & Privacy' section states it 'does NOT: ... make hidden outbound requests' and 'Live web research is appropriate only when the task requires current market data or the user asks for external evidence.'
[](https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/market-research)<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/market-research"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/market-research.svg" alt="Mondoo Skill Check" /></a>https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/market-research.svgSkills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.