Brand Sentiment Optimizer

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: geo-sentiment-optimizer
Version: 1.0.0

The `SKILL.md` file instructs the agent to execute a `bash` command (`python scripts/audit_sentiment.py --brand <domain> --output report.md`) that includes user-controlled arguments (`<domain>`, `report.md`). This pattern presents a shell injection vulnerability if the OpenClaw agent does not properly sanitize or quote these inputs before executing the command. While the provided `scripts/audit_sentiment.py` does not actually accept `--brand` or `--output` arguments (it takes `--content`), the instruction itself represents a risky capability that could be exploited if the agent's execution environment is not robust against such inputs, or if a different script were provided that did accept and unsafely use these arguments.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A documented command may fail or prompt a user/agent to look for code that was not reviewed with this skill.

Why it was flagged

The skill documents a score_sentiment.py tool, but the provided file manifest and source include only scripts/audit_sentiment.py. This makes the tool catalog incomplete, and users should not fetch or substitute unreviewed code to satisfy the missing command.

Skill content

python scripts/score_sentiment.py --content content.md

Recommendation

Use only the included files, or ask the maintainer to provide and register the missing script before running it.

What this means

Users may think the included script audits a website or writes a report, when it only scores supplied text.

Why it was flagged

The actual script accepts only a --content argument, while SKILL.md shows commands using --brand, --output, and --pages. This is a documentation/capability mismatch rather than evidence of malicious behavior.

Skill content

parser.add_argument("--content", required=True)

Recommendation

Treat the script as a simple text scorer unless the maintainer updates the code and documentation to match.