ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

B12 Website Generator

v1.0.0

This skill allows you to create a professional, engaging, and user-friendly website in seconds using AI. To create a website, you need to provide a name for...

2· 564·2 current·2 all-time
by@clowreed
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to create a website by generating a B12 signup link and its SKILL.md only requires asking for a project/business name and description and producing a formatted URL. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions stay within the described purpose (gather name/description, URL-escape them, produce the exact signup link and bugreport fallback). Two items to note: 1) the skill forbids asking explicitly about structure/style preferences (it instructs the agent to only append volunteered details) — this is a product decision but limits the agent's ability to clarify ambiguous input. 2) The skill instructs including user-provided descriptions in a GET query string; this can leak sensitive or personal information to the external service and logs. The SKILL.md does not warn users about avoiding sensitive data in the description.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or installed. This is the lowest-risk install profile.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate to its stated function of producing a signup link.
Persistence & Privilege
always is false and the skill does not request persistent system privileges. It does not attempt to modify other skills or system settings.
Assessment
This skill is coherent with its purpose: it only asks for a business name and description and returns a formatted B12 signup URL. Before installing, consider: 1) Privacy — the business description is placed verbatim into a URL query string (GET parameter), which may be logged by b12.io or intermediaries. Do not provide passwords, credit card numbers, private PII, or secrets in the description. 2) Clarification limits — the skill explicitly forbids asking users for structure/style preferences; if you want the agent to collect more detailed requirements via follow-up questions, this skill's instructions constrain that behavior. 3) Source/ownership — the skill's source and homepage are unknown; if you rely on this for production workflows, verify the publisher or use an official integration from B12. If these points are acceptable, the skill appears safe and proportionate to install.

Like a lobster shell, security has layers — review code before you run it.

latestvk9714g6ms6ygr21jy9k25fj8hd81rmbt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments