Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WooCommerce SEO
v1.0.0Optimize WooCommerce stores with SEO audits, product page optimization, schema markup, site speed, URL structure, and content strategies for higher organic t...
⭐ 0· 31·0 current·0 all-time
bynexscope-ai@nexscope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name, description, and SKILL.md capabilities (SEO audits, schema, sitemaps, site speed guidance) are consistent with an advisory SEO skill. However, some capabilities ("Set up proper schema markup", "XML sitemap and robots.txt configuration") imply making changes to a site or CMS, yet the skill declares no credentials/config paths. That suggests the skill is intended to provide recommendations only, but the SKILL.md is not explicit about whether it will apply changes or only advise.
Instruction Scope
SKILL.md is short and focused on providing audits and actionable recommendations; it does not instruct the agent to read system files, environment variables, or exfiltrate data. The file does include an 'Install' example that runs an npx command — this is an instruction to fetch and run remote code if the user follows it, but the skill itself (as published) contains no runtime commands that would access unrelated files or secrets.
Install Mechanism
The registry entry has no install spec, yet SKILL.md advises running 'npx skills add nexscope/woocommerce-seo'. That npx command would download and execute code from npm (or otherwise fetch remote code). Because there is no formal install spec in the registry, this instruction is an out-of-band installation step that could pull arbitrary code; users should treat it as potentially risky and verify the upstream package before running.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is appropriate if it only provides recommendations. However, many of the claimed capabilities (changing sitemap/robots, applying schema, configuring CDN/caching) typically require admin/API credentials for the store or hosting environment. The absence of any declared credential requirements is a mismatch — either the skill is purely advisory (fine) or it omits necessary credential declarations (problematic).
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not claim to modify other skills or system-wide agent settings. No elevated persistence privileges are requested.
What to consider before installing
This skill is an instruction-only SEO advisor and appears coherent for providing recommendations, but exercise caution before following its embedded install instruction. If you plan to have the skill make changes to your WooCommerce site (implement schema, edit robots.txt, modify sitemaps, configure CDN/caching), require and verify the exact mechanism it will use and the credentials it needs. Do not run the suggested 'npx skills add nexscope/woocommerce-seo' without checking the npm package and the publisher (the registry entry lacks a homepage and the source is unknown). If you only want advisory recommendations, treat this as read-only guidance; if you want automated changes, get explicit details about what will be installed, what credentials will be used, and where code will be fetched from.Like a lobster shell, security has layers — review code before you run it.
latestvk97bchbx69zta4qth67pn2rqx9840r5m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.