ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SEO Autopilot Pro

v1.0.0

Fully automated SEO content freshness engine. Monitors a keyword research reports directory, automatically generates landing pages and blog posts, runs SEO a...

0· 36·0 current·0 all-time
byclaw0x@kennyzir
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (automating keyword reports → pages → push) align with the runtime instructions: discover reports, parse, generate pages, register in navigation/sitemap, run audits, and git push. The required filesystem and git access are proportionate for this purpose.
Instruction Scope
SKILL.md instructs the Agent to read project files (navigation, blog, sitemap), create steering/hook files, modify .vscode/settings.json, write new pages and update processed.json, then commit/push. These are within the skill's scope but give the Agent broad write access to the repository—review steering templates and the hook prompt before enabling automated runs.
Install Mechanism
No install step or external downloads; this is an instruction-only skill (lowest install risk).
Credentials
No environment variables or credentials are declared, which is consistent with an instruction-only skill. However, the pipeline relies on existing git credentials and an auto-deploy platform (Vercel/Netlify/etc.) to be present; those implicit privileges (ability to commit/push and trigger deploys) are expected for the stated functionality but are not explicitly listed.
Persistence & Privilege
always is false and autonomous invocation is allowed (default). The skill creates project-local hook/steering files and a processed.json state file — normal for this automation. It does not request permanent platform-level privileges or modify other skills' configs.
Assessment
This skill will create files in your repo (.kiro hooks, steering file, processed.json), update .vscode settings, generate new pages, and run git commit/push operations — so only install it in projects where you trust automated commits. Before enabling automation: (1) review and customize the provided steering template and hook prompt; (2) test on a feature branch or fork (do not push directly to production/main); (3) consider requiring PRs or branch protections instead of direct pushes; (4) ensure your CI/deploy pipeline and git credentials are configured safely; (5) decide whether processed.json should be committed or ignored; and (6) restrict the hook's report_dir pattern to a dedicated folder to avoid accidental triggering. If any of these steps are unacceptable, do not enable automatic runs and instead run the pipeline manually.

Like a lobster shell, security has layers — review code before you run it.

latestvk97277xmvypc0kpzk949r8s15s84rrqt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments