Website Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is mostly a coherent website generator, but it tells the agent to install an extra unreviewed workflow skill with an auto-yes flag.
Install only if you trust AnyGen and are comfortable with the agent using an API key and sending website content to AnyGen. Before allowing the fallback install command, explicitly review and approve the additional workflow skill it would add.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may add another skill to the environment before generating the website, and that additional skill was not part of this reviewed artifact set.
The reviewed artifact depends on another skill that is not included in the manifest and instructs installation with an auto-confirm flag, creating an unreviewed supply-chain path that can change agent behavior.
If the `anygen-workflow-generate` skill is not available, install it first: `anygen skill install --platform <openclaw|claude-code> -y`
Require explicit user approval before installing the workflow skill, declare and pin the dependency, and review the installed skill before use.
Using the skill may consume or modify resources associated with the user's AnyGen account.
The skill requires an AnyGen API key or browser login. This is expected for the stated AnyGen integration, but it gives the CLI access to the user's AnyGen account.
`primaryEnv: ANYGEN_API_KEY` ... `anygen auth login --api-key sk-xxx` ... `export ANYGEN_API_KEY=sk-xxx`
Use a scoped or revocable API key where possible, avoid pasting real keys into chat, and revoke the key if the environment is no longer trusted.
Confidential product plans, personal details, or unpublished marketing copy included in prompts could be processed by the external service.
The artifact discloses that generation happens on an external provider service, so website instructions and related content may be sent to AnyGen.
This skill uses the AnyGen CLI to generate websites and landing pages server-side at `www.anygen.io`.
Only provide content you are comfortable sending to AnyGen, and check the provider's privacy and retention terms for sensitive projects.