ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Geo Fix Llmstxt

v1.2.0

Generate llms.txt and llms-full.txt files for a website to improve AI discoverability. Use when the user asks to create llms.txt, generate llms.txt, fix llms...

0· 28·1 current·1 all-time
byEugene Liu@enzyme2013
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (generate llms.txt and llms-full.txt) match the instructions: crawl a site, use sitemap/robots/homepage to build an inventory, categorize pages, and produce the two output files. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Runtime instructions are limited to fetching public site resources (llms.txt, .well-known, sitemap, robots, up to 15 pages) and producing markdown files. The SKILL.md explicitly warns about prompt injection and treats fetched content as untrusted. It does not direct reading of local files, unrelated env vars, or posting data to external endpoints beyond the target site.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk or downloaded by the skill itself. README includes an example 'npx skills add' line referencing an external package, but no install behavior is present in the skill bundle.
Credentials
The skill requests no environment variables, credentials, or config paths. This is appropriate for crawling public site content and generating local files. (Note: if you intend to run it against authenticated/private sites, the skill gives no guidance for safely handling credentials.)
Persistence & Privilege
The skill does not request persistent privileges (always:false) and contains no instructions to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md deliberately includes 'ignore previous instructions' as an example of prompt injection and instructs the agent to treat fetched content as untrusted. The detector flagged the pattern, but its presence here is intentional and documented.
Assessment
This skill appears coherent and limited to crawling public site pages and composing llms.txt / llms-full.txt outputs. Before using it, consider: (1) don't run it against private or authenticated areas unless you explicitly supply and trust credentials—this skill gives no credential handling guidance; (2) llms-full.txt embeds full page content—avoid including sensitive or copyrighted material you don't own; (3) the README shows an npx install example for an external package not included here—do not run install commands from unknown sources without verifying the package; (4) respect robots.txt and site terms when crawling. If you plan to use it on a site behind auth or with sensitive content, ask the skill author for explicit guidance on safe credential handling and data retention.
!
SKILL.md:35
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

ai-visibilityvk970tps0f8xpdnk6rkpznz7bg1848vd4geovk970tps0f8xpdnk6rkpznz7bg1848vd4latestvk970tps0f8xpdnk6rkpznz7bg1848vd4seovk970tps0f8xpdnk6rkpznz7bg1848vd4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments