ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

sitemd

v0.1.1

Build and manage websites from Markdown. Create pages, generate content, configure settings, and deploy — all through MCP tools.

0· 78·0 current·0 all-time
byTyler Berggren@tyler-berggren
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, listed commands, and the primary credential (SITEMD_TOKEN) align with a site-building/deploying tool. The skill asks to read and write site files (pages/, settings/, etc.), which is expected for this purpose.
!
Instruction Scope
SKILL.md instructs the agent to run numerous project commands and to read/write site files (expected), but it also tells the agent to run './sitemd/install' to download a binary if no local binary exists. No install script or source URL is included in the skill bundle, so it's unclear where the agent should fetch code from — this gives the agent leeway to download and execute external binaries without constraints. The instructions also explicitly direct the agent to send a login URL to the owner via external messaging, which is normal for a magic-link flow but worth noting since it transmits an authentication link outside the agent context.
!
Install Mechanism
There is no install spec in the registry and no code files bundled, yet SKILL.md expects a './sitemd/install' bootstrap script to download a compiled binary. Because the skill provides no trusted, pinned URL, checksum, or recommended source, the installation step is underspecified and could result in arbitrary network downloads and execution. That elevates risk compared to an instruction-only skill that never executes or fetches code.
Credentials
Only one primary credential (SITEMD_TOKEN) is declared and its use is documented for automated deploys. The skill does not request unrelated secrets. The documented auth flow uses magic links and an API key for automation, which is coherent with the described functionality.
Persistence & Privilege
always is false and the skill does not request elevated persistent system privileges or attempt to modify other skills' configs. Autonomous invocation is allowed by default but not combined here with other high-risk flags.
What to consider before installing
This skill appears to be what it says (a site-from-Markdown tool) and only needs a single API token, but the runtime README expects a local './sitemd/install' script to download a compiled binary even though no install files are bundled. Before installing or running this skill: 1) Ask the publisher where the install script/binary comes from and request a pinned URL and checksum or a vetted package source (e.g., GitHub release). 2) If you must run the install, perform it in a sandboxed environment and inspect the downloaded binary/script first. 3) Limit SITEMD_TOKEN scope (create the least-privilege API key) and avoid supplying other credentials. 4) Be aware the magic-link flow requires sending a login URL to a human; do not let the agent forward secrets or tokens to third-party chats. If the publisher cannot provide a clear, auditable install source, treat this skill as higher risk and consider not installing it.

Like a lobster shell, security has layers — review code before you run it.

deployvk9721yx930aqmead12hbm68jad84am03latestvk970kcev7jhpkqbjhnm38qfm8n84etmhmarkdownvk9721yx930aqmead12hbm68jad84am03mcpvk9721yx930aqmead12hbm68jad84am03static-sitevk9721yx930aqmead12hbm68jad84am03websitevk9721yx930aqmead12hbm68jad84am03

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Primary envSITEMD_TOKEN

Comments