dataforseo-cli

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent DataForSEO keyword-research CLI skill, with noteworthy but disclosed use of an external npm package, DataForSEO credentials, paid API calls, and local caching.

Before installing, verify the npm package source, use a dedicated DataForSEO credential if possible, watch API usage costs, and remember that credentials and cached keyword results are stored under ~/.config/dataforseo-cli.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing a global npm package gives that package code execution on the local machine during install and use.

Why it was flagged

The skill relies on installing an external global npm package. That is expected for a CLI skill, but users should verify the npm package and repository before installing.

Skill content

npm install -g dataforseo-cli

Recommendation

Confirm the npm package and GitHub repository are the intended project before installing, and prefer normal package-manager hygiene such as checking versions and publisher history.

What this means

Anyone or any process with access to that config file may be able to use the DataForSEO account credentials.

Why it was flagged

The skill asks for DataForSEO credentials and stores them locally. This is expected for a DataForSEO API wrapper, but it is still sensitive account access.

Skill content

dataforseo-cli --set-credentials login=YOUR_LOGIN password=YOUR_PASSWORD ... Credentials are stored in `~/.config/dataforseo-cli/config.json`.

Recommendation

Use dedicated DataForSEO credentials with the least necessary access, protect the config file, and rotate credentials if the machine or account is shared.

What this means

Frequent or automated keyword queries could create API costs or consume account quota.

Why it was flagged

The main commands make external API calls that may consume quota or incur costs. The artifact discloses this, and it is aligned with the SEO research purpose.

Skill content

DataForSEO charges per API request, not per keyword

Recommendation

Set clear limits for agent use, batch keywords as suggested, and monitor DataForSEO usage or billing.

What this means

Keyword research history may remain on disk and be reused in later runs.

Why it was flagged

The skill persistently stores query results locally. This is useful and purpose-aligned, but SEO research queries and competitor analysis can be business-sensitive.

Skill content

Results are cached in `~/.config/dataforseo-cli/cache/` to avoid duplicate API calls and save costs.

Recommendation

Review or clear the cache when working with sensitive campaigns, and avoid sharing the config directory unintentionally.