ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sa Clean

v1.0.0

Crawl any website and get a 0-100 SEO score with 50+ checks across Technical, On-Page, Schema, Social, and Compliance categories. Identifies quick wins, comp...

0· 40·0 current·0 all-time
by@drivenautoplex1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The stated purpose (SEO audit + optional AI analysis) matches the requested dependencies (python3, requests, beautifulsoup4, anthropic). However the skill metadata declares ANTHROPIC_API_KEY as a required primary credential despite the SKILL.md describing free/demo modes that should not need an API key — requiring the key by default is disproportionate to the advertised free functionality.
!
Instruction Scope
The instructions explicitly tell the agent to run `python3 seo_audit_skill.py` and refer to a local script, network crawling, and AI (Claude Haiku) analysis. No code files are included in the package (instruction-only), so the runtime behavior described cannot be verified and the agent would be left to fetch/run missing code or fail. That missing-script mismatch is a significant scope/integrity problem. The instructions otherwise limit external network use to crawling target sites and the Anthropic API, which is coherent with the purpose.
Install Mechanism
The install spec lists Python packages (requests, beautifulsoup4, anthropic) rather than arbitrary downloads, which is proportionate. The installer kind is listed as 'uv' — not a standard, well-documented package manager name (e.g., pip) in the SKILL.md — so the exact installation mechanism is ambiguous and should be clarified before install.
Credentials
Only one credential is requested (ANTHROPIC_API_KEY), which is appropriate for AI-driven analysis. The problem: the skill advertises free/demo and compliance-only modes that should not require the key, yet ANTHROPIC_API_KEY is declared as required/primary in metadata. That forces a sensitive credential to be provided even when not necessary for all features.
Persistence & Privilege
The skill does not request always:true and has no special config paths. Model invocation is allowed (default), which is normal for skills. It does not request persistent system-wide privileges or modify other skills according to the provided metadata.
What to consider before installing
Do not install or provide your Anthropic API key yet. The SKILL.md refers to a local Python script (seo_audit_skill.py) that is not included — ask the publisher for the script or a link to a public repository/release you can inspect. Clarify what installer 'uv' means (is it pip?) and whether ANTHROPIC_API_KEY is truly required for demo/compliance modes. Because the skill crawls arbitrary URLs and can call an external AI service, giving it an API key would allow the skill to send crawled content to Anthropic; only supply credentials after reviewing the actual code or a trustworthy release. Prefer running in demo mode locally (no key) or on an isolated environment until you can verify the implementation and installer.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bv3x8teqcqp6yjqzs7y2syn83snt3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Any binpython3
EnvANTHROPIC_API_KEY
Primary envANTHROPIC_API_KEY

Install

uvuv tool install requests
uvuv tool install beautifulsoup4
uvuv tool install anthropic

Comments