Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Landing

v3.0.0

Generate HTML landing pages from templates with SEO optimization. Use when creating web pages.

⭐ 0· 211·0 current·0 all-time

by@bytesagain1

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name and description match the included files and commands. The script implements create, template, checklist, meta, optimize, and preview operations for landing pages; no unrelated binaries, environment variables, or services are required.

✓

Instruction Scope

SKILL.md simply documents running scripts/script.sh commands. The runtime instructions do not direct the agent to read system-wide secrets, call network endpoints, or transmit data elsewhere. The script does read user-provided file paths (meta/optimize/preview), which is expected for inspecting HTML files.

✓

Install Mechanism

No install spec is provided (instruction-only with one included script). Nothing is downloaded or written outside the user data directory created under $HOME, so install risk is low.

✓

Credentials

The skill requests no environment variables, credentials, or config paths. It creates and uses ~/.local/share/landing (a reasonable per-user data directory) and otherwise relies on standard shell utilities (grep, head).

✓

Persistence & Privilege

always is false and the skill does not require elevated privileges or modify other skills or global agent settings. It only creates a per-user data directory and otherwise runs on demand.

Assessment

This skill appears to be what it says: a small shell tool for generating and inspecting landing-page HTML. Before using it: (1) inspect scripts/script.sh yourself—there are minor bugs (e.g., some single-quoted echo strings prevent variable expansion) and no HTML escaping when creating output, so do not feed untrusted input if you intend to serve generated pages; (2) be aware it will create ~/.local/share/landing in your home directory; (3) meta/optimize/preview commands read files you pass in—avoid pointing them at sensitive system files; and (4) run the script in a sandbox or review its output if you are cautious. No network access or credential use was found.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ef4jhd1dv5fqvk2wsams8ax8366t3

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Landing

License

Comments