ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Visibility

v1.0.0

Track and analyze brand visibility across AI platforms (ChatGPT, Perplexity, Claude, Gemini). Check mention rates, sentiment, competitors, and get improvemen...

0· 62·0 current·0 all-time
by@sharozdawa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill promises cross-platform tracking (ChatGPT, Perplexity, Claude, Gemini) and concrete features (mention rates, sentiment, comparisons) but the package includes no code, no install, and no required credentials. Accessing those platforms in a reliable way normally requires APIs/keys or explicit scraping instructions; the skill provides neither, so the claimed capabilities are not justified by the declared requirements.
!
Instruction Scope
SKILL.md is a high-level spec (what the skill should do) rather than concrete runtime instructions. It does not specify how to query each platform, what queries to run, how to authenticate, or how to handle rate limits and citations. This vagueness could lead an agent to take broad actions (web scraping, unauthenticated probing, or using third-party web browsing) that exceed what a user expects.
Install Mechanism
No install spec and no code files are present, which reduces immediate filesystem or supply-chain risk. However, absence of an install mechanism is also why the skill lacks concrete integration details.
Credentials
The skill requests no environment variables or credentials, which on the surface is least-privileged — but is also unrealistic for the stated integrations. Legitimate cross-platform tracking would normally require API keys or service credentials for one or more platforms; the lack of declared credentials suggests the skill is incomplete or will rely on ad-hoc network actions.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence. Model invocation is allowed (the platform default), which is expected for skills. Nothing indicates it modifies other skills or system-wide settings.
What to consider before installing
This skill reads like a feature description, not an executable integration. Before installing, ask the author to: (1) provide concrete runtime details: which APIs or endpoints will be queried for each platform, required auth types, and exact query behavior; (2) declare required environment variables (API keys/tokens) and how they will be stored/used; (3) explain whether the skill will perform web scraping or use built-in browsing and how it handles rate limits, citations, and PII; (4) provide a minimal install or code implementation (or link to a reputable repo) so you can review network calls. If you proceed without these clarifications, consider disabling autonomous invocation (require manual approval) and test in a sandbox account to avoid accidental credential or data exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk970yzgqpex0nd7srxwb2vh6t583b2j8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments