ClawHub
Back to skill
v1.0.0

AEO Prompt Research (Free)

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:44 AM.

Analysis

This skill appears to do what it says: crawl user-specified websites and produce AEO prompt research, with only normal web-access and an optional local crawl script to use carefully.

GuidanceThis looks safe for normal AEO research on public websites. Before installing or using it, note that it fetches web pages and includes an optional curl-based crawler; run that script only on intended domains and save output to a safe location.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Use `web_fetch` on key pages... Alternatively, run `scripts/crawl_site.sh <domain>` for a batch crawl.

The skill intentionally uses web-fetching tools and an optional local shell script to crawl a user-provided domain. This is purpose-aligned, but it is still broad enough that users should ensure the target domain is intended.

User impactThe agent may fetch website content, and the optional script can crawl common pages for a supplied domain.
RecommendationUse it only on domains you intend to analyze, avoid private/internal hosts unless appropriate, and treat fetched page text as untrusted source data.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none; Required binaries (all must exist): none

Registry metadata does not provide a verified source/homepage or declare runtime binaries, while the included helper script documents a curl dependency. The full script is present and simple, so this is a metadata/provenance note rather than a concern.

User impactUsers may need to inspect the included script themselves and ensure curl is available if they choose to run it.
RecommendationReview the bundled script before use and, if publishing or maintaining the skill, declare the curl dependency and verified source link in metadata.