ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Landing Page Generator

v1.0.0

Generate high-converting, mobile-responsive landing pages from a brief. Use when building landing pages, sales pages, or marketing pages for clients.

0· 745·1 current·1 all-time
bySean Wyngaard@seanwyngaard
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md: the document gives step-by-step guidance to produce a single-file HTML/CSS landing page and a README. There are no unrelated requirements (no cloud provider keys, no unrelated binaries).
Instruction Scope
Instructions stay on-topic (analyze briefs, select templates, emit index.html + README). The SKILL.md permits use of Read/Write/Edit/Grep/Glob/Bash which is reasonable for reading an input brief and writing output files, but those capabilities also enable arbitrary filesystem and shell access if the agent is allowed to run them — the instructions themselves do not ask for reading secrets or other system state.
Install Mechanism
No install spec and no code files — instruction-only skill is lowest-risk from an installation viewpoint (nothing is downloaded or written by an installer).
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md references only Google Fonts as an external dependency, which is appropriate for web typography.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request persistent system-wide privileges or modification of other skills/config; expected level of privilege for a file-generating utility.
Assessment
This skill appears coherent and matches its description, but follow these precautions before installing or running it: 1) Run it in a sandbox or non-sensitive workspace first — the allowed tools include Bash and file read/write operations, so an agent with those permissions could access local files if misused. 2) Do not include secrets, API keys, or private customer data in the brief or workspace files you give the skill. 3) Inspect the generated HTML/README before deploying — confirm forms, links, or third-party endpoints are safe and intentional (the README shows how to connect forms; ensure no default form action posts to an unexpected endpoint). 4) If possible, restrict or review the agent's ability to run shell commands (Bash) unless you trust the agent’s invocation context. 5) Because the skill loads Google Fonts, expect a network request to fonts.googleapis.com; if your environment prohibits external network calls, block that or host fonts locally. If you want further assurance, ask the publisher for a homepage or source repository so you can review templates and examples before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk979d5njdzw7gfrfz87x15wndh813hd5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments