ClawHub
Back to skill
v1.0.0

Landing Page Generator

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:20 AM.

Analysis

This is a straightforward local landing-page generator, but users should review generated pages for unsafe HTML and unverified marketing claims before publishing.

GuidanceBefore installing or using this skill, treat it as a local HTML generator: review the output before publishing, replace any generated testimonials or urgency claims with truthful content, and avoid using untrusted text as input unless the script is updated to escape HTML.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/generate_landing.py
<h1>{headline}</h1> ... benefits_html += f"      <li>{benefit}</li>\n"

CLI-provided values are inserted directly into deployable HTML without escaping, so content copied from an untrusted source could become active markup or script in the generated page.

User impactIf untrusted text is used as page content and then published, the generated page could include unintended HTML or JavaScript.
RecommendationUse trusted inputs, review the generated HTML before deployment, and add HTML escaping or sanitization if content may come from untrusted sources.
Human-Agent Trust Exploitation
SeverityLowConfidenceHighStatusNote
scripts/generate_landing.py
testimonials_html += f"        <p>\"Amazing results! {product} exceeded my expectations.\"\n" ... <cite>- Satisfied customer {i+1}</cite>

The script auto-generates testimonial-like claims rather than clearly labeling them as placeholders.

User impactPublishing the generated page unchanged could mislead visitors with fabricated social proof.
RecommendationReplace generated testimonials, urgency, guarantees, and similar claims with real, approved content before publishing.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
### `optimize_copy.py` Optimize existing landing page copy. ... ### `ab_test_variations.py` Generate A/B testing variations.

SKILL.md documents additional helper scripts, but the provided manifest only includes `scripts/generate_landing.py` and `scripts/__init__.py`; those advertised helpers are not part of the reviewed artifact set.

User impactUsers expecting those extra features may be tempted to fetch or run unreviewed code from elsewhere.
RecommendationUse only the included reviewed script unless any missing helper scripts are separately supplied and reviewed.