ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AEO Prompt Research (Free)

v1.0.0

Discover which AI prompts and topics matter for a brand's Answer Engine Optimization (AEO) using only free tools. Crawls a website, analyzes the brand's posi...

0· 770·1 current·1 all-time
by@psyduckler
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (AEO prompt research via free tools) matches its behavior: it crawls a site, generates prompt candidates, prioritizes them, and audits coverage. One mismatch: the shipped script uses curl to fetch pages, but the registry metadata lists no required binaries. Requiring curl is reasonable for the stated purpose, but the metadata should declare it.
Instruction Scope
SKILL.md limits runtime actions to crawling the target domain (via web_fetch or the provided crawl script), web_search for coverage checks, and LLM reasoning. The instructions do not direct the agent to read unrelated local files, access secrets, or post data to third-party endpoints. The crawl script fetches only the pages listed and emits plain text; it does not transmit the crawl results to any external server.
Install Mechanism
This is instruction-only with a small helper script; there is no download/install step, no archive extraction, and nothing is written to system locations beyond the script's normal output file. Risk is low because nothing arbitrary is pulled from external URLs during install.
Credentials
The skill declares no required environment variables or credentials and its instructions do not reference any secrets. The lack of required credentials is proportionate to the described functionality (public web crawling and search).
Persistence & Privilege
always:false and no install-time persistence are set. The skill does not request elevated privileges or modify other skills/configs. Autonomous invocation is allowed (the platform default) but not combined with any other concerning privileges here.
Assessment
This skill appears to do what it says: crawl a public site and generate/prioritize AI prompts. Before installing or running it, consider: 1) The included script uses curl (network fetches); ensure your environment has curl or add it to the declared requirements. 2) Only provide domains you trust — the crawl will make outbound HTTP requests to whatever domain you supply (avoid internal-only or sensitive hosts). 3) Review the script if you plan to run it in a sensitive environment (it writes output and strips HTML but does not exfiltrate data to third parties). 4) If you want extra safety, run the script in a sandboxed environment or on a copy of the site content. Overall, no credentials or hidden endpoints were detected, so the skill is internally coherent with its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c49rgpwtnm92mg7b8kesr39817vzc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments