ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

A2WF — Agent-to-Web Framework

v1.0.1

Validate, generate, and audit A2WF siteai.json files — the open standard for AI agent governance on websites. Use when working with siteai.json policies, che...

0· 65·0 current·0 all-time
by@wolfuser45
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included files: generate.mjs and validate.mjs implement generation, local validation, and an audit mode for siteai.json files. However, the registry lists no required binaries while the runtime scripts are Node.js modules (#!/usr/bin/env node) — the skill implicitly requires a Node 20+ runtime and the agent's ability to exec commands. SKILL.md metadata also declares dependence on agent tools (web_fetch, exec) while the registry's required-binaries section is empty. This is an inconsistency the user should be aware of.
Instruction Scope
SKILL.md instructions and the included scripts stay on task: discovering/fetching siteai.json (via web_fetch), validating against schema, generating template documents, and producing an audit report. The validator is explicit about local-only validation and the generator writes to stdout or an output file. There are no instructions to read unrelated system files, access environment variables, or transmit collected data to hidden endpoints. The only external activity recommended is using web_fetch to download a site's /siteai.json, which is appropriate for the stated purpose.
Install Mechanism
No install spec; this is instruction-only with small reference scripts included. Nothing is downloaded or written by an installer. The risk surface is limited to executing the included scripts locally (they use only Node builtins). The main operational dependency (Node runtime) is not declared in the registry metadata — not an installation risk per se, but a packaging/documentation omission.
Credentials
The skill requests no environment variables, credentials, or config paths. That aligns with its purpose: validating/generating JSON policies does not require secrets. The SKILL.md does expect agent tools (web_fetch and exec) but these are agent tool permissions rather than environment credentials; they are proportional to enabling live-site validation and running the provided Node scripts.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request persistent system presence or modify other skills. Its actions are local (running Node scripts, optionally writing an output file) and do not alter agent configuration or persist credentials.
What to consider before installing
This skill appears to implement what it claims (siteai.json generation/validation/audit) and contains only small Node.js scripts that use built-in APIs. Before installing/using it: - Confirm you (or the agent) have a Node.js 20+ runtime available; the registry lists no required binaries but the scripts are node modules (shebang + use of node: builtins). - The SKILL.md expects the agent to have the exec tool (to run node) and web_fetch (to fetch live /siteai.json). Verify your agent's exec permission scope — granting exec lets the skill run arbitrary commands, so limit it if you don't trust the skill. - Review the included scripts locally (they are short and readable); they perform only JSON parsing/validation and do not phone home. Running them will read whatever file or stdin you provide and may write an output file if you pass --output. - Be cautious when validating private or sensitive site content: piping sensitive documents into the validator will expose them to whatever environment executes the script (stdout/stderr, logs). Run in a sandbox if unsure. - If you need assurance, ask the publisher to update registry metadata to declare Node as a required runtime and to include an explicit tool/permission list; that would remove the main inconsistency observed here.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5sp6s4nbr8aqdnz93yrz5d83dh04

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments