ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Affiliate Marketing Optimizer

v1.0.0

Optimize affiliate marketing by improving product selection, link strategies, compliance, conversion rates, tracking, and performance analysis.

0· 36·0 current·0 all-time
by@eric060
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to perform tracking setup, performance analysis, and platform-specific optimizations (which normally require API keys, analytics access, or integration tooling), yet the package declares no required credentials, binaries, or integration endpoints. That mismatch suggests either the skill is only advisory (not clearly stated) or it omits needed requirements.
!
Instruction Scope
SKILL.md gives a Usage line that runs python skills/affiliate-marketing-optimizer/optimize.py, but no code files are present in the manifest. The instructions do not say what input data, accounts, or API credentials are needed, and offer no safe fallback. This is an internal inconsistency and would prevent the agent from actually performing the stated tasks.
Install Mechanism
There is no install spec and no code to install; that minimizes installation risk. However, because no code is present, the Usage example is misleading.
Credentials
No environment variables or credentials are requested. For advisory-only functionality this can be fine, but features like tracking setup or performance analysis typically require API keys or analytics access. The absence could mean limited functionality or missing declarations.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level configuration. Autonomous invocation is allowed by default, which is expected for skills but introduces potential risk if the skill later required credentials.
What to consider before installing
Do not install or grant credentials yet. Ask the publisher to explain the missing pieces: where is optimize.py and any other code, what inputs and API keys the skill needs, and provide a homepage or source repository for review. If you still want to try it, require a code review or run it in a sandboxed environment; never supply sensitive API keys until you verify the implementation. Prefer skills that declare required integrations and provide source or release URLs you can audit.

Like a lobster shell, security has layers — review code before you run it.

latestvk97crtbkqxt7egenhf8rr05yax84vtnv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments