Hoverbot Chatbot
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A third-party script will execute on the user's website and interact with site visitors through the chat widget.
The skill instructs users to embed a remote third-party JavaScript widget on their website. This is central to the HoverBot purpose, but the remote script is not part of the reviewed artifacts.
<script async src="https://cdn.hoverbot.ai/widget.js"></script>
Only add the widget to sites you control, verify the HoverBot domain and dashboard settings, and review the provider's security/privacy posture before deploying on sensitive sites.
The user will create and rely on HoverBot credentials/API configuration to operate the chatbot.
The setup requires creating a HoverBot account, and the widget configuration uses a chatbot ID and API key for that account.
Create account — First name, last name, email, password (8+ chars).
Use a strong unique password, keep dashboard access restricted, and use domain restrictions or equivalent controls for the widget key where available.
Uploaded content may influence future chatbot answers and could expose inappropriate information if sensitive documents are used.
The chatbot can store and reuse uploaded documents or URLs as persistent knowledge for future visitor conversations.
Upload documents (PDFs, text files) ... Add website URLs ... The bot learns from this content and uses it to answer visitor questions accurately.
Upload only content intended for chatbot use, review answers before public deployment, and avoid adding confidential or regulated data unless HoverBot's controls meet your requirements.