ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PLS Website Audit

v1.0.0

Perform comprehensive website health checks covering performance, broken links, security headers, accessibility, and SEO issues.

0· 998·2 current·2 all-time
byMatt Valenta@mattvalenta
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (website performance, broken links, security headers, accessibility, SEO) align with the instructions and example commands/scripts provided. Required resources (none declared) are consistent with a tool that uses standard CLI tools and small Python scripts to fetch and analyze pages.
Instruction Scope
SKILL.md stays on-topic: it instructs the agent to fetch pages, parse HTML, check headers, run lighthouse/web-vitals, and run openssl for cert checks. It does not instruct reading unrelated local files or asking for unrelated secrets. Note: the instructions include commands that will download/run third-party tooling at runtime (npx, pip install) and perform recursive crawling of same-origin links — this is expected for a site-audit but does have side effects (network requests, package installs).
Install Mechanism
There is no install spec (instruction-only), which is low baseline risk. However the instructions rely on runtime package installs/usage (npx lighthouse/web-vitals, pip install LinkChecker), which will fetch and run code from public registries when executed; this is expected for such audits but increases runtime trust requirements.
Credentials
The skill requests no environment variables, no credentials, and no config paths. All proposed operations (HTTP(S) requests, header checks, crawling) do not require additional secrets, so the lack of requested secrets is proportionate.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide configuration. It does not attempt to modify other skills or agent settings in the provided instructions.
Assessment
This skill appears coherent for performing website audits. Before running it, be aware that: (1) the scripts and commands will make network requests to the target site and may recursively crawl links — only audit sites you own or have permission to test; (2) npx and pip commands in the instructions will download and execute third‑party packages at runtime — review those packages or run the skill in a sandboxed environment if you have supply-chain concerns; (3) no credentials are requested, so the skill cannot access protected resources unless you explicitly provide credentials later. If you need stricter controls, ask the publisher for an explicit install spec with vetted package versions or run the provided scripts in an isolated VM/container.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bkanw2y9ptqa84pbe7nvy6581mme4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments