Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Geo Fix Content
v1.2.0Rewrite website content to maximize AI citability — remove hedge language, add data support, improve self-containment, and optimize structure for AI engines....
⭐ 0· 27·1 current·1 all-time
byEugene Liu@enzyme2013
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (make content more citable for AI) align with the SKILL.md and the included reference files. The skill is instruction-only, requires no binaries or credentials, and its operations (fetch page, extract paragraphs, rewrite) are consistent with the stated purpose. Minor note: README contains an npx install example referencing 'Cognitic-Labs/geoskills' which does not match the registry owner metadata — likely a copy/paste artifact but worth verifying the source/origin before trusting installation instructions.
Instruction Scope
The SKILL.md gives detailed, paragraph-level extraction and rewrite rules and explicitly treats fetched HTML as untrusted and instructs detection of prompt-injection patterns (good). However, several rewrite rules push the agent to replace hedged language with definitive, numeric claims and to 'add data' or metrics; while the doc says to use '[TODO: add specific metric]' when real data is unknown, the style and examples strongly encourage inserting specific numbers and sources. That creates a real risk of fabricated metrics or invented citations if the agent or user does not strictly enforce 'do not invent numbers' safeguards. Also the skill expects the agent to fetch pages — ensure the agent's network access and content permissions are appropriate.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files — low install risk. The README's npx install line references a different repo name (possible inconsistency) but there is no active install script in the package contents provided.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Its functionality (fetching and rewriting public web content or pasted text) does not require secrets, so required privileges are proportionate.
Persistence & Privilege
always is false and the skill has no install-time persistence behavior specified. It does not request to modify other skills or system settings. Autonomous invocation is enabled (the platform default) but does not combine here with other concerning privileges.
Scan Findings in Context
[ignore-previous-instructions] expected: The pre-scan flagged 'ignore-previous-instructions' but SKILL.md deliberately references that phrase as an example of prompt injection and instructs the agent to detect and ignore such injected instructions in fetched content. The detection is expected and the skill handles it explicitly in its security section.
What to consider before installing
This skill appears to do what it says and requests no secrets, but take these precautions before enabling it: 1) Verify the skill source/owner (README's npx example differs from registry metadata) — avoid installing code from unknown or mismatched repos. 2) Require the agent to never fabricate numbers or sources: add an explicit guard that any added metric must be supported by a verifiable citation or be left as a clearly-marked placeholder (e.g., [TODO: add metric]) in the output. 3) Test the skill with non-sensitive, public example pages to see how it populates metrics and citations — check outputs for hallucinated statistics or made-up sources. 4) If you do not want the agent fetching external URLs, only allow pasted text inputs. 5) Monitor outputs for accidental inclusion of PII scraped from fetched pages and ensure you have permission to fetch the target content. If you need higher assurance, ask the skill author for provenance (homepage, source repo) and explicit anti-hallucination guards before using on production content.SKILL.md:28
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
ai-visibilityvk974yrjx1nfn54sa3p7drxtrq18484tjgeovk974yrjx1nfn54sa3p7drxtrq18484tjlatestvk974yrjx1nfn54sa3p7drxtrq18484tjseovk974yrjx1nfn54sa3p7drxtrq18484tj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.