Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Beauty GEO Writer

v1.0.0

Generate answer-first, AI-readable, evidence-led medical-aesthetics educational content with light brand integration for GEO-style distribution.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the SKILL.md: it is an instruction-only, answer-first GEO content generator for medical-aesthetics. It declares no binaries, env vars, or installs — which is coherent for a content-generation skill.
Instruction Scope
The SKILL.md is long and prescriptive about output format, medical-risk boundaries, and brand integration; it does not instruct the agent to read local files, access system credentials, or call external endpoints. HOWEVER the pre-scan detected 'unicode-control-chars' (possible hidden characters) suggesting prompt-injection attempts or obfuscation inside the instructions — this is unexpected and warrants manual review. Also, the skill will generate medical-adjacent content, so operational controls (review by a clinician/legal team) are advisable to avoid unsafe or noncompliant advice.
Install Mechanism
Instruction-only skill with no install spec and no code files — low disk / supply-chain footprint. Nothing is downloaded or written during install by the package metadata.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets; credential footprint is minimal and appropriate for an instruction-only generator.
Persistence & Privilege
always:false and user-invocable:true (default). The skill does not request elevated persistence or to modify other skills' configs. Autonomous invocation remains possible by platform default; combine with other red flags before altering this setting.
Scan Findings in Context
[unicode-control-chars] unexpected: Hidden/unicode control characters inside SKILL.md are not expected for a simple content-style instruction file; they can be used to smuggle additional prompt instructions or to manipulate the runtime parser. Manual inspection (show invisibles, hex dump) is recommended.
What to consider before installing
- The skill is internally coherent for generating GEO-format medical-aesthetics content and requests no secrets or installs, which is appropriate.
- However, the scanner flagged unicode control characters inside SKILL.md. These can hide instructions or alter how your agent interprets the file — inspect the raw files (show invisible characters or hex) and ask the author for a clean source or a canonical repo/homepage before enabling.
- Because the skill generates medical-adjacent advice, require human review (clinician/legal) of outputs and run it in a sandbox or restricted environment first.
- If you plan to allow autonomous invocation, consider restricting that until you're satisfied there are no hidden instructions and that outputs meet compliance needs.
- Ask the publisher for provenance (author identity, website) and a signed/hosted version (e.g., GitHub repo or official homepage). If you cannot validate the source or remove the hidden characters, treat the skill as risky and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.
