ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SaaS Landing Page Generator

v1.0.0

生成现代 SaaS 产品的 Landing Page,支持多种风格,输出 HTML/CSS/React 代码,直接可部署。

0· 364·1 current·1 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included shell generator: the script creates HTML/React files, components, README and an output folder. No unexpected credentials, binaries, or external services are required for the declared purpose.
Instruction Scope
SKILL.md only instructs generating landing pages and running the CLI (saas-landing-page). The runtime script writes files into an output directory and embeds CDN links in generated pages. The skill does not instruct reading unrelated system files, env vars, or transmitting local data elsewhere.
Install Mechanism
No install spec (instruction-only with a bundled shell script). The generator writes files to disk when executed (expected). The HTML it creates references third-party CDNs (cdn.tailwindcss.com and unpkg.com) — that means generated sites will load remote JS/CSS at runtime; this is expected for a generator but worth noting for supply-chain/trust considerations.
Credentials
The skill requires no environment variables, credentials, or config paths. The included script does not read or transmit secrets.
Persistence & Privilege
Skill is not always-enabled and uses standard user-invocable/autonomous defaults. It does not alter other skills or global agent settings and only writes to the output directory it creates.
Assessment
This skill appears coherent and implements what it claims: a simple generator that writes a deployable landing-page scaffold. Before running: (1) inspect the bundled saas-landing-page.sh (you already have it); (2) run it in a disposable directory because it will create an output folder named <product>-landing and write files to disk; (3) review generated HTML/JS for included external CDN references (tailwindcdn, unpkg) — these will load third-party code when the site is visited; (4) note minor implementation quirks (the script uses sed -i '' which is BSD/macOS syntax and may fail on some Linux systems) but those are functional issues, not malicious ones. If you plan to deploy generated sites publicly, review and lock down any third-party asset usage and run standard security checks on the produced code.

Like a lobster shell, security has layers — review code before you run it.

generatorvk972k71d7j2hq9ddvent7h88qx824bvklanding-pagevk972k71d7j2hq9ddvent7h88qx824bvklatestvk972k71d7j2hq9ddvent7h88qx824bvkmarketingvk972k71d7j2hq9ddvent7h88qx824bvksaasvk972k71d7j2hq9ddvent7h88qx824bvkwebsitevk972k71d7j2hq9ddvent7h88qx824bvk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis

Comments