← Back to Skills Marketplace
startup-researcher
by
Xiaoyu Kevin Hu
· GitHub ↗
· v1.3.2
· MIT-0
155
Downloads
0
Stars
1
Active Installs
5
Versions
Install in OpenClaw
/install startup-researcher
Description
Research AI startups, funding, and product announcements. Generates a structured intelligence report as a PDF. Use when asked to research startups, update th...
Usage Guidance
This skill appears to do what it says: run web research, save per-company markdown profiles, synthesize category analyses, and produce a styled PDF. Before installing or running it, consider: (1) PDF generation: the skill may try to install system C-libraries (apt/brew/dnf) if WeasyPrint is absent — running these commands requires package-manager access and sometimes root privileges, so only allow installs in an environment where you trust the agent to run them; (2) file writes: it will write temporary and final files to your workspace under references/<date>/..., so ensure that directory is appropriate and does not contain sensitive data; (3) web access: the agent will browse and fetch public sites (including paywalled sources like Crunchbase/Pitchbook), so expect network activity and possible rate limits; (4) autonomous invocation: the skill can be invoked autonomously by the agent (default) and has tools to call the browser subagent, run shell commands, and write files — if you want to restrict automated runs, disable or require confirmation before execution. If you want to avoid installs, pre-provision Python + weasyprint + system libraries in the environment and/or instruct the agent not to attempt package-manager installs.
Capability Analysis
Type: OpenClaw Skill
Name: startup-researcher
Version: 1.3.2
The skill bundle is classified as suspicious because SKILL.md explicitly instructs the AI agent to use the 'run_command' tool to perform system-level modifications, including installing C-libraries and Python packages via 'apt-get', 'brew', 'dnf', and 'pip'. While these actions are plausibly needed for the stated purpose of rendering PDFs with WeasyPrint, providing an agent with instructions to execute arbitrary system-level installation commands represents a high-risk capability that could be exploited for remote code execution (RCE). No evidence of intentional malice, data exfiltration, or hidden backdoors was found in the code or the research prompts.
Capability Assessment
Purpose & Capability
Name/description (startup research + PDF output) matches the instructions and included files: watchlist.yaml, research prompts, report compiler, CSS, and example profiles. Declared dependencies (Python, Markdown, WeasyPrint) are reasonable for generating styled PDFs and markdown-to-HTML conversion. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to perform web searches, use a browser subagent, save per-company markdown profiles under references/<date>/..., aggregate category analyses, and generate a PDF. These steps are in-scope for the stated purpose. Two operational notes: (1) the skill tells the agent to always read the local watchlist.yaml and many bundled prompt files — expected for an orchestrator; (2) it instructs installing system C-libraries (pango/cairo/gdk-pixbuf) when WeasyPrint is not present, which requires package-manager commands and potentially elevated privileges; this is proportional to PDF generation but you should confirm you want the agent to run installs in your environment.
Install Mechanism
There is no automated install spec — this is instruction-only. The README suggests an npx install command for the repo, but the running instructions only recommend using the agent's tools to install Python packages or OS libraries if missing. No downloads from arbitrary URLs or extracted archives are required by the skill itself.
Credentials
The skill requests no environment variables, no external credentials, and no config paths. The prompts ask the agent to consult public sources (company websites, Crunchbase, news) which is consistent with the research goal. There are no requests for unrelated secrets or tokens.
Persistence & Privilege
always:false (not force-included). The skill writes files into a local workspace (references/<date>/...), which is expected for an orchestrator that saves intermediate profiles and final outputs. It does not request to modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install startup-researcher - After installation, invoke the skill by name or use
/startup-researcher - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.2
fix: remove sudo from dependency installation to appease security scanners
v1.3.1
fix: updated native WeasyPrint pipeline with headers/footers, markdown tables, and date injections
v1.2.0
Refactored delivery logic to prompts, removed hardcoded config to bypass registry security flags.
v1.1.0
Made description succinct, moved delivery channel logic to instructions
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is startup-researcher?
Research AI startups, funding, and product announcements. Generates a structured intelligence report as a PDF. Use when asked to research startups, update th... It is an AI Agent Skill for Claude Code / OpenClaw, with 155 downloads so far.
How do I install startup-researcher?
Run "/install startup-researcher" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is startup-researcher free?
Yes, startup-researcher is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does startup-researcher support?
startup-researcher is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created startup-researcher?
It is built and maintained by Xiaoyu Kevin Hu (@hxy9243); the current version is v1.3.2.
More Skills