dataforseo-cli
v1.0.7
LLM-friendly keyword research CLI for AI agents. Check search volume, CPC, keyword difficulty, and competition via DataForSEO API. Find related keywords, ana...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
SKILL.md describes a CLI wrapper for the DataForSEO API (volume, related, competitor, locations, languages) which aligns with the skill name and description. However, the registry metadata lists no required credentials or env vars while the instructions clearly require DataForSEO credentials (login/password or base64 token) to be configured. That metadata omission is an inconsistency to be aware of.
Instruction Scope
Instructions are specific to installing and using an npm CLI that queries DataForSEO and caches results. They instruct storing credentials in ~/.config/dataforseo-cli/config.json and caching results in ~/.config/dataforseo-cli/cache/. These actions are coherent for a CLI but involve reading/writing files in the user's home config — a legitimate function but a privacy/safety consideration (credentials and query history are persisted). Instructions do not ask for unrelated system files or other credentials.
Install Mechanism
There is no built-in install spec in the registry; the SKILL.md recommends running 'npm install -g dataforseo-cli' (package on npm and GitHub links provided). Installing an npm package globally executes third-party code on the host — a standard but non-trivial risk. The package source is public (npm + GitHub), which mitigates risk if you audit it first.
Credentials
Functionality legitimately requires DataForSEO API credentials (login/password or base64 token), but the skill metadata declares no required env vars/primary credential. The credential requirement is proportional to the stated purpose, but the metadata omission reduces transparency. Also, credentials are stored in plaintext JSON under ~/.config by default — verify file permissions and consider using secure storage if available.
Persistence & Privilege
The skill does not request permanent 'always' inclusion. It writes its own config and cache under ~/.config/dataforseo-cli/, which is expected for a CLI tool. Default autonomous invocation is allowed (platform default) but not combined here with unusual privileges.
What to consider before installing
This is an instruction-only skill that wraps a public npm CLI for DataForSEO. Before installing or using it:
1) Review the npm package and GitHub repo code to ensure there is no unexpected behavior (global npm packages run third-party code).
2) Be aware the tool will ask for and persist your DataForSEO credentials in ~/.config/dataforseo-cli/config.json and will cache queries under ~/.config/dataforseo-cli/cache/ — check and tighten file permissions or use safer secret storage if you need to.
3) Confirm you are comfortable with the DataForSEO account you supply (billing/API usage may incur cost).
4) Note the registry metadata did not declare required credentials — treat that omission as a transparency issue and prefer packages whose registry metadata accurately lists needed secrets.
If you want lower risk, inspect the package source or run it in an isolated environment/container before granting it access to your real credentials or home directory.
Like a lobster shell, security has layers — review code before you run it.
