Skill v1.0.0

ClawScan security

Aeo Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 9:02 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (a remote website AEO auditor) but it forwards audited URLs/content to an external third-party endpoint (no auth) — a privacy/trust decision for the user.
Guidance
This skill delegates audits to a third-party API (https://aeo-mcp-server.amdal-dev.workers.dev). Before installing or using it: (1) Do not send private/internal URLs or pages with sensitive data — the service will fetch/process those pages. (2) Verify the operator/trustworthiness and privacy policy of the endpoint (synligdigital/no.synligdigital). (3) If you need audits of internal sites, run a local tool or self-host an audit service instead. (4) If you allow autonomous invocation, limit the agent's network permissions or monitor requests so unexpected internal-to-external requests can be detected. If you want, I can recommend a local or open-source site-audit checklist you can run without sending data offsite.
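Guidance items (1) and (4) above can be enforced rather than left to the user. The block below is an added example, not ClawHub's scanner code and not the AEO skill's own code: a pre-flight check that refuses to forward private or internal target URLs, and a filter over egress-proxy log lines that flags requests to the audit endpoint whose target is internal. The endpoint host is the one named on this page; the log line format, the `url` query parameter, the internal-suffix list and the log lines themselves are assumptions constructed for illustration.

```python
"""Added example (not ClawHub's scanner code and not the AEO skill's own code):
a pre-flight URL check and an egress-log filter for a skill that forwards
target URLs to a third-party audit endpoint. The endpoint host is taken from
the scan page; the log format and the `url` query parameter are assumptions."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

AUDIT_HOST = "aeo-mcp-server.amdal-dev.workers.dev"  # endpoint named on the scan page

# Name patterns that should never be forwarded to an external auditor.
# Assumption: a real deployment extends these with its own internal zones.
INTERNAL_SUFFIXES = (".local", ".localhost", ".internal", ".corp", ".lan", ".home.arpa")
INTERNAL_NAMES = {"localhost", "metadata.google.internal"}


def is_private_target(url: str) -> bool:
    """Return True if an external service must not be asked to fetch this URL.

    Literal IPs are checked against non-global ranges (loopback, RFC 1918,
    link-local including 169.254.169.254, IPv6 ULA, CGNAT); hostnames are
    checked against internal suffixes and single-label names. No DNS lookup
    is done, so a public name that resolves to a private address is not
    caught here; resolve and re-check before forwarding if that matters.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return True                      # file://, ftp:// etc. are not website audits
    host = parts.hostname
    if not host:
        return True
    host = host.rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                   # not a literal IP: treat as a hostname
        if host in INTERNAL_NAMES or "." not in host:
            return True                  # bare names like "intranet" are internal
        return host.endswith(INTERNAL_SUFFIXES)
    return not ip.is_global


# Constructed egress-proxy log lines (not real traffic). Format assumed:
# "<timestamp> agent=<name> dst=<host> method=<verb> path=<path?query>".
LOG_LINES = [
    "2026-03-15T09:01:12Z agent=clawbot dst=aeo-mcp-server.amdal-dev.workers.dev "
    "method=GET path=/audit?url=https%3A%2F%2Fexample.com%2F",
    "2026-03-15T09:01:40Z agent=clawbot dst=aeo-mcp-server.amdal-dev.workers.dev "
    "method=GET path=/audit?url=http%3A%2F%2Fwiki.corp%2Fhr%2Fsalaries",
    "2026-03-15T09:02:03Z agent=clawbot dst=aeo-mcp-server.amdal-dev.workers.dev "
    "method=GET path=/audit?url=http%3A%2F%2F10.0.4.17%2Fadmin",
    "2026-03-15T09:02:30Z agent=clawbot dst=api.github.com method=GET path=/repos/x/y",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) .*?dst=(?P<dst>\S+) .*?path=(?P<path>\S+)")


def flag_internal_forwards(lines):
    """Return (timestamp, target_url) for every request to the audit endpoint
    whose `url` parameter names a private/internal target."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != AUDIT_HOST:
            continue                     # other destinations are out of scope here
        query = urlsplit(m["path"]).query
        for target in parse_qs(query).get("url", []):
            if is_private_target(target):
                hits.append((m["ts"], target))
    return hits


if __name__ == "__main__":
    for ts, target in flag_internal_forwards(LOG_LINES):
        print(f"{ts} internal target forwarded to {AUDIT_HOST}: {target}")
```

Run the pre-flight check in the agent's tool wrapper before the curl call is issued, and the log filter against whatever proxy or sidecar records the agent's outbound requests. The check is deliberately name-based and offline; a public hostname that resolves to a private address (DNS rebinding, split-horizon DNS) passes it, so an environment that cares about that case should resolve the host and re-run the IP check on the result.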

Review Dimensions

Purpose & Capability
ok · Name/description match the behavior: it performs remote audits by calling a web API and returns a score/breakdown. The required binary (curl) is appropriate for the REST calls. No unrelated credentials, config paths, or binaries are requested.
Instruction Scope
note · SKILL.md instructs the agent to call a public REST endpoint (and MCP endpoints) with the target URL and parse the JSON. It does not ask the agent to read local files, env vars, or other system state. Important privacy note: the audit requires sending the target URL (and the service likely fetches and processes that site), so private/internal URLs or sensitive pages would be transmitted to the third-party server.
Install Mechanism
ok · Instruction-only skill, no install spec or code files. Lowest-risk install model; nothing is written to disk by the skill bundle itself.
Credentials
ok · No environment variables, credentials, or config paths are requested. The lack of requested secrets is proportionate to a simple remote-audit service. Still, the skill transmits user-supplied target URLs to an external host (aeo-mcp-server.amdal-dev.workers.dev), which is a trust/privacy consideration rather than an environment-variable mismatch.
Persistence & Privilege
ok · always:false and default autonomous invocation are used; no requests to modify other skills or system settings. Nothing in the SKILL.md attempts to persist credentials or change agent config.