Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GEO Site Readiness Audit

v1.0.1

Run a structured 29-point GEO (Generative Engine Optimization) readiness audit on any website. Checks AI accessibility, structured data, content citability,...

by GEOLY AI (@geoly-geo)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the included scripts: the package performs HTTP-based site audits across accessibility, schema, citability and technical checks. However, the registry metadata declares no required binaries or env vars while the code requires Python and the third‑party 'requests' library (the script exits if requests is missing). The SKILL.md and references also mention config files (e.g., config/weights.json, config/webhooks.json) and other helper scripts (compare_audits.py, check_threshold.py) that are not present in the manifest — a mismatch between declared requirements and actual runtime needs.
Instruction Scope
Runtime instructions and scripts perform arbitrary outbound HTTP requests to user-supplied domains and write reports to disk (expected for an audit tool). The SKILL.md suggests using the skill whenever a user mentions auditing a website — that could cause the agent to issue many network requests automatically. There is also an apparent bug in scripts/geo_audit.py (check_raw_html_content refers to an undefined variable 'html'), which may cause crashes or incomplete audits. The references include webhook/email/CI examples; while these are examples, if the skill is extended to send notifications it could exfiltrate reports to external endpoints if configured (no webhooks are configured by default in the manifest). Important: running these scripts in an environment with access to internal/private networks could be used to probe internal hosts (SSRF-like behavior) — the instructions do not warn about that.
Install Mechanism
No install spec is provided (instruction-only + Python scripts). This is lower install risk because nothing is automatically downloaded or executed by an installer. The only runtime dependency is the 'requests' library which must be installed by the operator; that is a normal dependency for this kind of tool.
Credentials
The skill declares no required environment variables or credentials (good). The docs include example webhook and email config snippets (with placeholder URLs and SMTP credentials), but these are examples — the manifest does not require them. If you add webhook/email notifications in your environment, those secrets would be necessary; the skill itself does not request them. Still, the mismatch between docs referencing config/webhooks.json and the absence of such files is confusing and should be clarified.
Persistence & Privilege
always: false and user-invocable: true (normal). The skill does not request persistent system-level configuration or modify other skills. It writes report files to the working directory when run (expected behavior for an audit tool).
What to consider before installing
This skill appears to implement the advertised GEO site audit, but review and test before installing or enabling autonomous invocation. Actionable points:

  • The scripts require Python and the 'requests' package; install and test locally (python3 + pip install requests). The registry metadata did not list these—fix that mismatch or be prepared to install dependencies.
  • There are references in docs to config files (config/weights.json, config/webhooks.json) and helper scripts that are not included. Expect to create or supply these if you want weighted scoring, webhook notifications, or CI integration.
  • scripts/geo_audit.py contains a programming bug (undefined variable 'html' in check_raw_html_content). That should be corrected before relying on automated runs.
  • The tool fetches arbitrary URLs supplied to it. If the agent/runner has network access to internal hosts, an attacker could abuse the tool to probe internal services. Do not run with elevated network privileges or against sensitive internal hosts unless you trust the input and environment.
  • The references include webhook examples; if you add webhook/email configuration, ensure those endpoints are trusted (they would receive audit reports).

If you want, I can: (a) point out the exact lines to fix the undefined variable, (b) generate a minimal requirements.txt and README fixes, or (c) scan the remainder of geo_audit.py (truncated here) for additional issues — tell me which you prefer.
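The scan's point about probing internal hosts can be handled with a pre-flight check on the `<domain-or-url>` argument before any request is sent. The following is an added example, not code from the skill or from GEOly AI; `check_audit_target`, both resolver functions and the sample DNS table are hypothetical names with constructed data.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample DNS answers so the example runs offline.
SAMPLE_DNS = {
    "example.com": ["93.184.216.34"],
    "intranet.example": ["10.0.4.17"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
}


def sample_resolver(host, port):
    """Offline stand-in for DNS; IP literals map to themselves."""
    return SAMPLE_DNS.get(host, [host])


def system_resolver(host, port):
    """Every address the name resolves to, via the system resolver."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_audit_target(target, resolver=system_resolver):
    """Return (ok, reason) for a <domain-or-url> argument (hypothetical helper)."""
    # The CLI accepts bare domains, so default those to https.
    url = target if "://" in target else "https://" + target
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError as exc:
        return False, f"malformed target: {exc}"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in target"
    try:
        # Strip any IPv6 zone id before parsing each answer.
        ips = [ipaddress.ip_address(a.split("%")[0]) for a in resolver(host, port)]
    except (OSError, ValueError) as exc:
        return False, f"cannot resolve {host}: {exc}"
    # Refuse if ANY answer is loopback, private, link-local or reserved.
    blocked = [str(ip) for ip in ips if not ip.is_global]
    if blocked or not ips:
        return False, f"{host} resolves to non-public address(es): {blocked}"
    return True, f"{host} -> {[str(ip) for ip in ips]}"
```

The check covers only the first hop: if the HTTP client follows redirects or resolves the name again at fetch time, re-check each hop and keep network-level egress rules in place.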

Like a lobster shell, security has layers — review code before you run it.

377 downloads
0 stars
2 versions
Updated 21h ago
v1.0.1
MIT-0

GEO Site Readiness Audit

Methodology by GEOly AI (geoly.ai) — the leading Generative Engine Optimization platform.

Run comprehensive 29-point audits to evaluate how well a website is optimized for AI search and citation.

Quick Start

To audit a website:

python scripts/geo_audit.py <domain-or-url> [--output json|md|html]

Example:

python scripts/geo_audit.py example.com --output md

What Gets Audited

Four dimensions with 29 checkpoints total:

| Dimension | Checks | Focus |
|---|---|---|
| AI Accessibility | 10 | Crawler access, llms.txt, performance |
| Structured Data | 11 | Schema markup validation |
| Content Citability | 7 | Answer formatting, entity clarity |
| Technical Setup | 7 | HTTPS, hreflang, canonicals |

Full checklist details: See references/checklist.md

Scoring

  • ✅ Pass = 1 point
  • ❌ Fail = 0 points
  • ⚠️ Partial = 0.5 points

Grade scale:

  • 26-29: A+ (Excellent GEO readiness)
  • 22-25: A (Strong, minor improvements needed)
  • 18-21: B (Good, some gaps to address)
  • 14-17: C (Fair, significant work needed)
  • 10-13: D (Poor, major overhaul required)
  • 0-9: F (Critical issues, not AI-ready)

Output Formats

  • Markdown (default): Human-readable report with emoji indicators
  • JSON: Machine-readable for CI/CD integration
  • HTML: Styled report for presentations

Advanced Usage

Partial Audits

Run specific dimensions only:

python scripts/geo_audit.py example.com --dimension accessibility
python scripts/geo_audit.py example.com --dimension schema
python scripts/geo_audit.py example.com --dimension content
python scripts/geo_audit.py example.com --dimension technical

Batch Audits

Audit multiple sites:

python scripts/batch_audit.py sites.txt --output-dir ./reports/

Custom Thresholds

Adjust scoring criteria in config/weights.json if you want to weight certain checks more heavily.

Troubleshooting

Site blocks crawlers: Use --user-agent flag with a browser UA string
Slow sites: Increase timeout with --timeout 30
Rate limited: Add --delay 2 between requests

See Also
