ClawHub

Geo Blocking

v1.0.0

Implement geographic content restrictions with IP geolocation, VPN/Tor detection, and regional law compliance for tailored geo-blocking rules.

0· 453·0 current·0 all-time
by@raghulpasupathi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md claims IP geolocation, VPN/Tor detection and regional-law compliance which is coherent with a 'Geo Blocking' purpose. However, these features typically require external databases/APIs (e.g., geolocation DBs, Tor/VPN lists, legal-rule data) or configuration; none of those resources, credentials, or config paths are declared.
Instruction Scope
Instructions are short and scoped (they only recommend installing @clawhub/geo-shield and list use cases). They do not instruct the agent to read unrelated files or secrets. But they also omit operational details (how to configure databases/APIs, what data is collected, or how 'regional law compliance' is implemented), giving the agent broad discretion.
!
Install Mechanism
There is no platform-level install spec; installation is only suggested inside SKILL.md via 'npm install @clawhub/geo-shield'. That points to an npm package in an unknown scope (@clawhub) — a moderate-to-high risk source if unvetted. Because the skill is instruction-only, the platform will not automatically vet or supply this package, and following the instruction would cause an agent to download and run unreviewed code from the public npm registry.
!
Credentials
The skill declares no required environment variables or credentials. Geo-location and VPN/Tor detection workflows commonly require API keys, paid DB downloads (e.g., MaxMind), or other secrets; the absence of declared credentials is a mismatch and may hide implicit requirements that would be requested at runtime by the npm package.
Persistence & Privilege
Flags are normal: always=false and model invocation allowed. The skill does not request persistent system-wide privileges in the provided metadata.
What to consider before installing
This skill is plausible for geo-blocking but incomplete and potentially risky. Before installing or allowing an agent to run its instructions: 1) ask the author for the package source (homepage, repository URL, and signed release or checksum); 2) review the npm package code (or request a vetted package) to ensure it doesn't exfiltrate data or run unrelated tasks; 3) clarify what external services or DBs are required and what environment variables or API keys will be needed; 4) verify the missing PARENTAL_CONTROLS.md reference and any other linked resources; 5) avoid letting an agent autonomously run 'npm install' of an unreviewed package — consider performing the install in an isolated environment (sandbox/CI) and auditing the package first. If you cannot obtain the package source and a security review, treat this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk978823v1zfsgnsvjtts5rnbe981jk70

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments