Landing Page Builder

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: landing-page-builder
Version: 1.0.0

The skill's `SKILL.md` instructions pose a significant vulnerability by explicitly directing the AI agent to "Preserve ALL CSS, animations, layout structure, SVG filters, and JavaScript exactly" when adapting user-provided HTML templates, and to "Embed forms, videos, or other interactive elements as needed." While the provided example templates are benign, these instructions mean that if a malicious user provides a template or prompt containing harmful JavaScript or other active content (e.g., for data exfiltration or XSS), the agent is instructed to include it in the generated output. This represents a high-risk capability that could be exploited by a malicious user, leading to client-side attacks in the generated landing pages.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user provides an untrusted HTML template, unsafe or unwanted scripts could be preserved in the landing page.

Why it was flagged

When adapting a reference template, any existing client-side JavaScript is carried into the final HTML and will execute in a browser when the page is opened.

Skill content

Preserve ALL CSS, animations, layout structure, SVG filters, and JavaScript exactly

Recommendation

Use trusted templates and review or remove JavaScript before publishing the generated page.

What this means

Visitors opening the generated page may connect to Google Fonts unless the font is removed or self-hosted.

Why it was flagged

The default generated page loads Google Fonts, which is disclosed by the skill and is typical for landing pages, but it is still a third-party browser request when the page is viewed.

Skill content

<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700;800&display=swap" rel="stylesheet">

Recommendation

If privacy, offline use, or strict dependency control matters, self-host fonts and review any added external embeds before deployment.