Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI SaaS Princing
v1.0.0Scrapes competitor SaaS pricing and user feedback to model optimal tiers, detect gaps, and generate pricing pages and announcement videos in 10 minutes.
⭐ 0· 34·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to run Apify crawlers, call InVideo AI and Claude, and scrape multiple third‑party services. Yet the registry metadata declares no required binaries, no install steps, and no environment variables or API keys. Real use of Apify/InVideo/Claude would normally require API credentials and/or installation or connector configuration — their absence is inconsistent with the stated purpose.
Instruction Scope
The SKILL.md explicitly instructs scraping competitor pricing pages, G2 reviews, Reddit, Twitter/X, Product Hunt, and producing videos. That scope aligns with the described goal, but the instructions are high-level and do not specify how authentication, rate limiting, or storage are handled. Scraping user reviews and social media can collect user-generated content (possibly PII) and may violate terms of service if done without explicit connectors; the skill gives no guidance on legality, consent, or data handling.
Install Mechanism
This is an instruction-only skill with no install spec, which is low risk in terms of writing code to disk. However, given the external services named, the lack of any declared install or connector (e.g., Apify actors, InVideo SDK) is surprising and contributes to the overall incoherence.
Credentials
No environment variables or primary credential are declared, but the SKILL.md refers repeatedly to third‑party APIs (Apify, InVideo, Claude) that normally require API keys. That mismatch means the skill either expects the platform to supply credentials implicitly (not declared) or is incomplete/misleading. Also, mining review text and social posts can surface personal data; the skill does not declare data handling or storage practices.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not claim to modify other skills or system-wide settings. Persistence/privilege level appears normal.
What to consider before installing
Do not install blindly. The SKILL.md says it uses Apify, InVideo AI and Claude AI to scrape reviews and generate videos, but the skill metadata declares no required API keys or install steps — that is inconsistent. Ask the author: (1) exactly how the skill will access Apify/InVideo/Claude (what credentials are required and where will they be stored), (2) where scraped data will be sent and stored and how PII is handled, (3) whether any affiliate links or third‑party billing are involved, and (4) confirmation that scraping the listed sites complies with their terms of service. Prefer skills that explicitly declare required environment variables and install connectors, or run the scraping/analysis workflow manually or in a controlled environment you manage. If you proceed, restrict the skill's access and monitor network/data flows; do not provide broad credentials without understanding storage and retention.Like a lobster shell, security has layers — review code before you run it.
latestvk975mgtp88vajt8rs8jx5bz2qx83y7d8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.