Content Strategy Analyzer
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: content-strategy-analyzer Version: 1.0.0 The skill is classified as suspicious due to significant vulnerabilities in its scripts. `scripts/crawl_website.py` is vulnerable to Server-Side Request Forgery (SSRF) as it fetches content from an arbitrary user-supplied URL without validation, potentially allowing access to internal network resources. `scripts/generate_excel.py` is vulnerable to path traversal, as it accepts arbitrary file paths for both input and output files via command-line arguments, which could lead to unauthorized reading or writing of files on the system.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a private, internal, or unintended URL is provided, the skill may request that address from the user's environment.
The crawler fetches a user-supplied URL. This is expected for the skill, but it means the agent can make network requests to whatever URL is provided.
url = sys.argv[1] ... response = requests.get(url, headers=HEADERS, timeout=30)
Use the skill with intended public URLs, and confirm before analyzing private or internal sites.
Package behavior can vary by version, and unpinned installs rely on the current package index state at install time.
The documented setup installs unpinned third-party Python packages. These packages are relevant to crawling and Excel generation, but their versions are not constrained.
pip install requests beautifulsoup4 openpyxl
Install dependencies in a virtual environment and consider pinning trusted package versions before use.