Skill v1.0.0
ClawScan security
Webflow SEO/GEO + API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 8:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (updating Webflow content) but contain mismatches with the declared manifest (it uses a WEBFLOW_API_TOKEN and local file paths while the registry lists no required env vars or config paths), so install only after clarifying these gaps.
- Guidance: Before installing or enabling this skill, clarify the following with the publisher: (1) Confirm which environment variable(s) are required — at minimum WEBFLOW_API_TOKEN — and how they must be provided and scoped; (2) Confirm which local paths the skill will read/write (e.g., /webflow_items/, /out/) and whether it will attempt to read any other files or directories; (3) Confirm network endpoints the skill will call (it should be only api.webflow.com and no third-party/personal servers); (4) Ask whether the skill will ever transmit non‑Webflow data offsite (logs, local docs, or secrets); (5) Require least privilege for the Webflow token (only CMS write/publish scopes) and avoid using broad or root-level credentials. If the publisher cannot provide clear answers or refuses to declare required env/config in the manifest, treat the skill as high risk and avoid installing or run it only in a tightly sandboxed environment with limited credentials. If you proceed, supply a dedicated Webflow API token with minimal scope and review all generated PATCH JSONs and API requests before they are sent.
Review Dimensions
- Purpose & Capability [concern]: Name/description describe Webflow SEO/GEO updates and the SKILL.md shows the agent will call the Webflow API and edit CMS items — that aligns. However, the SKILL.md explicitly expects a WEBFLOW_API_TOKEN and local folders (/webflow_items/, /out/) whereas the registry metadata lists no required environment variables or required config paths. The missing declarations are an incoherence.
- Instruction Scope [concern]: Runtime instructions are concrete (create/patch/publish via api.webflow.com, build JSON patches, set image alt/meta, check sitemap/robots). They also instruct the agent to read local documents (SEO plan, daily log, /webflow_items/) and write to /out/. Those file accesses are plausible for this skill but are not declared in the manifest and could expose arbitrary local content if the agent is granted filesystem access.
- Install Mechanism [ok]: Instruction-only skill with no install spec and no code files — minimal install risk (nothing is downloaded or written by an installer).
- Credentials [concern]: SKILL.md requires a Webflow API token (Bearer $WEBFLOW_API_TOKEN) but the registry 'required env vars' lists none and 'primary credential' is none. This mismatch means the skill may silently expect a secret that the manifest doesn't declare. Also it assumes read/write access to local project folders which are not declared as required config paths.
- Persistence & Privilege [ok]: The skill does not request always:true and has no install-time persistence. It can be invoked autonomously (platform default), which is normal. There is no evidence it modifies other skills or system-wide settings.
