Call Geo Agent
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: call-geo-agent Version: 0.1.1 The skill is classified as suspicious primarily due to the use of the `python_executor` tool in SKILL.md. While its stated purpose is to generate an interactive HTML file, the `python_executor` is a powerful primitive that, if not properly sandboxed, could allow for arbitrary code execution, file system access, or network calls, representing a significant vulnerability. Additionally, the skill processes and records external URLs obtained from `call_gpt_5_online` and passes 'example article URLs' to subordinate agents, which introduces a potential attack surface for further exploitation or prompt injection against sub-agents if these URLs were to contain malicious content.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A code-capable tool may be used to generate a local or attached HTML file for the project.
The skill instructs the agent to use a Python execution-capable tool to create an HTML deliverable. This is disclosed and scoped to the project dashboard, with no packaged code or unrelated execution shown.
**工具**:`python_executor` ... **任务**:生成一个名为“xx品牌GEO项目看板.html”的交互式HTML文件
Review generated files before opening or sharing them, especially interactive HTML outputs.
Brand or product details supplied to the skill may be shared with several model agents during content generation.
The workflow explicitly passes user-provided product information and prompt context to multiple named writer agents/providers, but the artifact does not define data-retention or boundary controls for those agents.
调用`geo-call-gemini-2-5-pro-agent``geo-call-gpt-5-agent``geo_call_claude_sonnet_4_agent``geo-call-claude-4-1-opus-thinking`,将用户上传附件或者描述中的产品相关信息、目标优化prompt、各平台的范文原文URL给到相应的写手。
Do not provide confidential product plans, private customer data, or unreleased materials unless those downstream agent/provider data policies are acceptable.
Project details and model-returned results may remain in persistent wiki/log artifacts after the task completes.
The workflow persists project actions, prompts, external-tool results, URLs, and generated content into wiki/log documents. This is expected for a project workflow, but it stores potentially sensitive or untrusted context for later reuse.
创建”xx品牌GEO项目执行日志“,后续你按照工作流执行的关键动作和结果都不断追加在日志中。
Review the generated logs and wiki documents, remove sensitive details if needed, and avoid treating stored external-model output as verified without human review.