Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Geo Fix Schema
v1.2.0
Analyze a website's structured data and generate ready-to-use JSON-LD schema markup to improve AI discoverability. Use when the user asks to fix schema, add...
by Eugene Liu @enzyme2013
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (generate JSON-LD schema to improve AI discoverability) matches the SKILL.md instructions: fetch public pages, extract existing schema, score gaps, and generate JSON-LD templates. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
The instructions legitimately require fetching up to 6 site pages and parsing HTML (JSON-LD, microdata, RDFa, meta tags, headings). This is appropriate for the stated purpose. The skill explicitly warns to treat fetched HTML as untrusted and to ignore any embedded 'instructions' found in page content (anti-prompt-injection guidance). Consider that fetching URLs is an outbound network action and that users should avoid supplying private/authenticated URLs or content containing confidential data.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk/write/execute risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or system-level access.
Persistence & Privilege
always:false (default) and normal autonomous invocation allowed. The skill does not request permanent presence or to modify other skills or system settings.
Scan Findings in Context
[ignore-previous-instructions] unexpected: The regex scanner flagged an 'ignore-previous-instructions' pattern in SKILL.md. In context the skill explicitly instructs the agent NOT to follow any instructions found in fetched HTML and to treat fetched content as untrusted (i.e., this is presented as anti-prompt-injection guidance). That makes this likely a false-positive detection of a common prompt-injection phrase, but it was correctly surfaced by the scanner.
Assessment
This skill looks coherent and low-risk, but review the following before installing:
1) Understand the agent will fetch public webpages you provide — do not supply URLs that require authentication or contain confidential data.
2) Validate any generated JSON-LD before deploying (use https://validator.schema.org/).
3) Inspect outputs for accidental PII (addresses/phone numbers) and correct entity data (names, URLs, dates).
4) The SKILL.md contains explicit anti-prompt-injection instructions; the scanner flagged a pattern but here it appears to be a protective measure.
5) If you need the agent to analyze private or authenticated pages, prefer a manual approach (export HTML) rather than giving credentials or private endpoints to the agent.
SKILL.md:39
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
