startup-researcher
Author: Xiaoyu Kevin Hu · GitHub · v1.3.2 · MIT-0
Total downloads: 155
Favorites: 0
Current installs: 1
Versions: 5
Install in OpenClaw
/install startup-researcher
Description
Research AI startups, funding, and product announcements. Generates a structured intelligence report as a PDF. Use when asked to research startups, update th...
Safe usage recommendations
This skill appears to do what it says: run web research, save per-company markdown profiles, synthesize category analyses, and produce a styled PDF. Before installing or running it, consider:
(1) PDF generation: the skill may try to install system C-libraries (apt/brew/dnf) if WeasyPrint is absent — running these commands requires package-manager access and sometimes root privileges, so only allow installs in an environment where you trust the agent to run them;
(2) file writes: it will write temporary and final files to your workspace under references/<date>/..., so ensure that directory is appropriate and does not contain sensitive data;
(3) web access: the agent will browse and fetch public sites (including paywalled sources like Crunchbase/Pitchbook), so expect network activity and possible rate limits;
(4) autonomous invocation: the skill can be invoked autonomously by the agent (default) and has tools to call the browser subagent, run shell commands, and write files — if you want to restrict automated runs, disable or require confirmation before execution.
If you want to avoid installs, pre-provision Python + weasyprint + system libraries in the environment and/or instruct the agent not to attempt package-manager installs.
Functional analysis
Type: OpenClaw Skill
Name: startup-researcher
Version: 1.3.2
The skill bundle is classified as suspicious because SKILL.md explicitly instructs the AI agent to use the 'run_command' tool to perform system-level modifications, including installing C-libraries and Python packages via 'apt-get', 'brew', 'dnf', and 'pip'. While these actions are plausibly needed for the stated purpose of rendering PDFs with WeasyPrint, providing an agent with instructions to execute arbitrary system-level installation commands represents a high-risk capability that could be exploited for remote code execution (RCE). No evidence of intentional malice, data exfiltration, or hidden backdoors was found in the code or the research prompts.
Capability assessment
Purpose & Capability
Name/description (startup research + PDF output) matches the instructions and included files: watchlist.yaml, research prompts, report compiler, CSS, and example profiles. Declared dependencies (Python, Markdown, WeasyPrint) are reasonable for generating styled PDFs and markdown-to-HTML conversion. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to perform web searches, use a browser subagent, save per-company markdown profiles under references/<date>/..., aggregate category analyses, and generate a PDF. These steps are in-scope for the stated purpose. Two operational notes: (1) the skill tells the agent to always read the local watchlist.yaml and many bundled prompt files — expected for an orchestrator; (2) it instructs installing system C-libraries (pango/cairo/gdk-pixbuf) when WeasyPrint is not present, which requires package-manager commands and potentially elevated privileges; this is proportional to PDF generation but you should confirm you want the agent to run installs in your environment.
Install Mechanism
There is no automated install spec — this is instruction-only. The README suggests an npx install command for the repo, but the running instructions only recommend using the agent's tools to install Python packages or OS libraries if missing. No downloads from arbitrary URLs or extracted archives are required by the skill itself.
Credentials
The skill requests no environment variables, no external credentials, and no config paths. The prompts ask the agent to consult public sources (company websites, Crunchbase, news) which is consistent with the research goal. There are no requests for unrelated secrets or tokens.
Persistence & Privilege
always:false (not force-included). The skill writes files into a local workspace (references/<date>/...), which is expected for an orchestrator that saves intermediate profiles and final outputs. It does not request to modify other skills or global agent settings.
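How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install startup-researcher
- Once installation completes, invoke the Skill by name or trigger it with /startup-researcher
- Provide the required inputs according to the Skill's parameter description to get structured output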
Version history
v1.3.2
fix: remove sudo from dependency installation to appease security scanners
v1.3.1
fix: updated native WeasyPrint pipeline with headers/footers, markdown tables, and date injections
v1.2.0
Refactored delivery logic to prompts, removed hardcoded config to bypass registry security flags.
v1.1.0
Made description succinct, moved delivery channel logic to instructions
v1.0.0
Initial release
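FAQ
What is startup-researcher?
Research AI startups, funding, and product announcements. Generates a structured intelligence report as a PDF. Use when asked to research startups, update th... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 155 total downloads to date.
How do I install startup-researcher?
Run the command "/install startup-researcher" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is startup-researcher free?
Yes, startup-researcher is completely free and released under the MIT-0 license; it can be downloaded, installed, and used freely.
Which platforms does startup-researcher support?
startup-researcher is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed startup-researcher?
It is developed and maintained by Xiaoyu Kevin Hu (@hxy9243); the current version is v1.3.2.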