ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Webflow SEO/GEO + API

Manage SEO and GEO content updates in Webflow by prioritizing with GSC, drafting content, creating patch JSONs, updating CMS via API, optimizing images and S...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 146 · 1 current installs · 1 all-time installs
byJordan Chops@jchopard69
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description describe Webflow SEO/GEO updates and the SKILL.md shows the agent will call the Webflow API and edit CMS items — that aligns. However, the SKILL.md explicitly expects a WEBFLOW_API_TOKEN and local folders (/webflow_items/, /out/) whereas the registry metadata lists no required environment variables or required config paths. The missing declarations are an incoherence.
!
Instruction Scope
Runtime instructions are concrete (create/patch/publish via api.webflow.com, build JSON patches, set image alt/meta, check sitemap/robots). They also instruct the agent to read local documents (SEO plan, daily log, /webflow_items/) and write to /out/. Those file accesses are plausible for this skill but are not declared in the manifest and could expose arbitrary local content if the agent is granted filesystem access.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal install risk (nothing is downloaded or written by an installer).
!
Credentials
SKILL.md requires a Webflow API token (Bearer $WEBFLOW_API_TOKEN) but the registry 'required env vars' lists none and 'primary credential' is none. This mismatch means the skill may silently expect a secret that the manifest doesn't declare. Also it assumes read/write access to local project folders which are not declared as required config paths.
Persistence & Privilege
The skill does not request always:true and has no install-time persistence. It can be invoked autonomously (platform default), which is normal. There is no evidence it modifies other skills or system-wide settings.
What to consider before installing
Before installing or enabling this skill, clarify the following with the publisher: (1) Confirm which environment variable(s) are required — at minimum WEBFLOW_API_TOKEN — and how they must be provided and scoped; (2) Confirm which local paths the skill will read/write (e.g., /webflow_items/, /out/) and whether it will attempt to read any other files or directories; (3) Confirm network endpoints the skill will call (it should be only api.webflow.com and no third-party/personal servers); (4) Ask whether the skill will ever transmit non‑Webflow data offsite (logs, local docs, or secrets); (5) Require least privilege for the Webflow token (only CMS write/publish scopes) and avoid using broad or root-level credentials. If the publisher cannot provide clear answers or refuses to declare required env/config in the manifest, treat the skill as high risk and avoid installing or run it only in a tightly sandboxed environment with limited credentials. If you proceed, supply a dedicated Webflow API token with minimal scope and review all generated PATCH JSONs and API requests before they are sent.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
apivk97b2a5tvh52ac7m2vzw4jhaf982ja6bgeovk97b2a5tvh52ac7m2vzw4jhaf982ja6blatestvk97b2a5tvh52ac7m2vzw4jhaf982ja6bseovk97b2a5tvh52ac7m2vzw4jhaf982ja6bwebflowvk97b2a5tvh52ac7m2vzw4jhaf982ja6bwebsitevk97b2a5tvh52ac7m2vzw4jhaf982ja6b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Webflow SEO/GEO

Quick start (default workflow)

  1. Prioritize: Use GSC exports + site plan docs.
  2. Draft: Create/refresh copy (human tone, clear intent, strong CTA). Avoid AI-isms.
  3. Patch JSON: Write Webflow item payloads in a local /out/ folder.
  4. Publish via API: POST new items or PATCH existing items, then publish.
  5. Images/alt/SEO: Set image-de-couverture, image---alt-text, meta description/title.
  6. Tech checks: Canonical domain, redirects, sitemap status, GSC property.

Where to look first

  • Priority plan: your SEO plan doc
  • Daily log: your daily SEO log
  • Existing items: export from Webflow (/webflow_items/)
  • Patches: local /out/ folder

Webflow API (v2) — usage pattern

Use WEBFLOW_API_TOKEN env var.

  • Create item: POST /v2/collections/{collection_id}/items
  • Update item: PATCH /v2/collections/{collection_id}/items/{item_id}
  • Publish: POST /v2/collections/{collection_id}/items/publish with itemIds
  • List items: GET /v2/collections/{collection_id}/items (paginate)

Collection IDs

  • Replace with your collection IDs (from Webflow API)

Important fields

  • name, slug, contenu-de-l-article, seo---meta-description
  • image-de-couverture (object: fileId/url/alt)
  • image---alt-text
  • date-de-redaction, categorie

Content guidelines

  • Direct, concrete, actionable
  • One message per section
  • Use internal links to services and relevant blog posts
  • CTA at top or near end
  • FAQ with 3–5 short Q/A (adds CTR)

GEO / Local pages

  • Use clear city intent in title/meta
  • Add 2–3 local cues (address/city names) + local proof
  • Link to relevant service page

Technical SEO quick wins

Canonical domain (www vs non‑www)

  • Primary domain set in Webflow UI (not API)
  • Ensure non‑www is default → Webflow handles 301 + canonical

Sitemap

  • Must resolve on canonical domain: https://yourdomain.tld/sitemap.xml
  • Check robots.txt contains the sitemap URL

When to read references

  • Webflow API detailsreferences/webflow_api.md
  • Copy/SEO patternsreferences/seo_copy_patterns.md
  • Patch templatesreferences/patch_templates.md

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…