Page CRO
v1.0.0
Conducts detailed audits of landing pages to identify conversion blockers and recommends prioritized fixes based on proven CRO principles and benchmarks.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name and description (landing page CRO audits) match the SKILL.md steps (fetch page, run heuristics, prioritise fixes). The skill does not request unrelated credentials, binaries, or config paths.
Instruction Scope
The instructions are high-level and stay within the CRO domain, but they are vague about runtime behavior: 'Fetch URL and analyse' and 'Benchmark against industry conversion rates' do not specify how pages are fetched (static HTML vs. JS-rendered), what benchmark data sources are used, or where results/benchmarks are obtained. This grants the agent broad discretion to access arbitrary URLs and external benchmark sources when invoked.
Install Mechanism
There is no install spec and no code files — nothing will be written to disk or installed. This is the lowest-risk install profile.
Credentials
The skill requests no environment variables, credentials, or config paths. Nothing appears disproportionate to a CRO audit.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or elevated privileges, and it does not modify system or other-skill configurations.
Scan Findings in Context
[no-findings] expected: The static regex scanner had no code to analyze (instruction-only skill), which is expected for a skill composed solely of runtime instructions.
Assessment
This skill appears to do what it says, but consider these before installing:
1) The skill will need to fetch whatever URL you ask it to audit — avoid submitting private or internal URLs unless you trust the agent.
2) The SKILL.md is vague about benchmark sources and how dynamic pages will be rendered; ask the publisher (or test) how industry conversion rates are sourced and whether the agent executes JavaScript or only analyses raw HTML.
3) Because it can access arbitrary URLs when invoked, be mindful of sensitive data you paste into prompts.
4) No credentials or installs are required, so there is no immediate credential-exfiltration signal — still review outputs for accidentally disclosed content.
If you need stricter controls, run audits on a sandboxed agent or provide only non-sensitive public URLs.
