Landing

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a small local landing-page helper with no credential or network use, though it runs a disclosed shell script and inserts provided text directly into generated HTML.

This skill appears safe for normal local use. Before installing or invoking it, be aware that it runs a small bash script, creates a local data directory, and outputs raw HTML from provided text; inspect the generated page before publishing.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may run local bash code, but the included source is short, visible, and aligned with the stated purpose.

Why it was flagged

The skill explicitly instructs use of a packaged shell script. Local command execution is disclosed and central to the skill's landing-page workflow.

Skill content

scripts/script.sh create <title description>

Recommendation

Review the included script before use and invoke it only for intended landing-page generation or inspection tasks.

What this means

If untrusted text is used as the title or description, unwanted HTML or script markup could be included in the generated page if it is later published.

Why it was flagged

The script concatenates command arguments directly into HTML without escaping or sanitizing them.

Skill content

echo '<!DOCTYPE html><html><head><title>'$2'</title>...<p>'$3'</p></body></html>'

Recommendation

Use trusted inputs, sanitize or escape user-provided text, and review generated HTML before publishing it.