v1.7.0

Aeo

ReviewClawScan verdict for this skill. Analyzed Apr 30, 2026, 5:21 PM.

Analysis

This skill is mostly clear and limited, but it runs an external npm package at use time pinned only to a major version, so the executed code can change outside the provided artifacts.

GuidanceBefore installing, verify that you trust the `@ainyc/aeo-audit` npm package and consider using an exact pinned version. Run the skill only in the intended website repository, review any generated `llms.txt`, `llms-full.txt`, or `robots.txt` changes, and use conservative limits for broad sitemap or competitor-list audits.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

allowed-tools:
  - Bash(npx @ainyc/aeo-audit@1 *)

The skill can run a shell command with arbitrary arguments after the approved npm package. This is aligned with the audit workflow, and the skill includes argument-safety rules, but users should notice the shell-based CLI authority.

User impactThe agent can invoke the audit CLI against user-provided URLs and flags, which may make network requests or perform mode-specific actions.

RecommendationUse explicit URLs and flags, avoid sensitive internal targets unless intended, and review any proposed edits before approving them.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

SKILL.md

npx @ainyc/aeo-audit@1 "<url>" [flags] --format json

The skill relies on a runtime npm package resolved by a major-version tag (`@1`) rather than an exact immutable version, while no package code or install lockfile is included in the artifacts.

User impactThe code executed by the skill can change as the npm package's 1.x release line changes, creating a supply-chain review gap.

RecommendationPrefer an exact pinned package version and verify the package provenance before use, especially in sensitive repositories.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

SKILL.md

Always use the published package:

```bash
npx @ainyc/aeo-audit@1 "<url>" [flags] --format json
```

The skill explicitly executes an npm CLI through `npx`. This is expected for the stated purpose, but it means external package code runs locally.

User impactUsing the skill executes third-party CLI code in the local environment.

RecommendationUse it in a trusted project environment and consider pinning/verifying the CLI package before running.

Cascading Failures

SeverityLowConfidenceHighStatusNote

SKILL.md

Pages are audited with bounded concurrency (5 in flight) to avoid hammering the target origin.

Sitemap and batch modes can fan out across many pages or URLs, but the instructions include a concurrency bound to reduce impact.

User impactLarge sitemap or competitor-list audits may generate multiple requests and broader analysis output.

RecommendationUse limits for large sites or lists, and run broad audits only when you have permission to test the targets.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

- Read
  - Glob
  - Grep
  - Write(llms.txt)
  - Write(llms-full.txt)
  - Write(robots.txt)

The skill requests local workspace read/search access and write access to specific web-facing files. This is purpose-aligned and does not request credentials, but it is still local project authority.

User impactThe skill can inspect the current project and write selected files that may affect how crawlers or AI systems interpret the site.

RecommendationRun it only in the intended website project and review file diffs before accepting changes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityInfoConfidenceMediumStatusNote

SKILL.md

Run:
   ```bash
   npx @ainyc/aeo-audit@1 "<url>" [flags] --format json
   ```
2. Return:
   - Overall grade and score
   - Short summary
   - Factor breakdown
   - Top strengths
   - Top fixes

The workflow uses data retrieved from websites as analysis context for recommendations. This is expected for an audit skill and the artifacts do not show persistent memory, but the retrieved context should be treated as untrusted input.

User impactWebsite content or audit output can influence recommendations and proposed fixes.

RecommendationTreat audit findings as advisory and review changes manually, especially when auditing untrusted or competitor sites.