Aero
Review
Audited by ClawScan on May 16, 2026.
Overview
Aero is mostly coherent for AEO monitoring, but it needs review because its persistent-memory instructions conflict and could retain client/project facts beyond the stated scope.
Install only if you are comfortable with an AEO agent that can use external analytics/audit tools, consume provider quota, and optionally modify WordPress/Elementor sites. Clarify the memory policy first: keep project metrics and regressions in canonry unless you explicitly approve saving them, and use staging plus human approval for any website edits.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Client or project facts could be retained in durable agent memory and reused in future sessions when the user expected project state to remain only in canonry.
These workflow steps tell the agent to persist project-specific metrics and regression diagnoses, which conflicts with SKILL.md and memory-patterns guidance that project state should be read from canonry rather than remembered.
Store baseline metrics in memory ... Compare to baseline/prior week from memory ... Update memory with regression event + diagnosis
Before installing, require a clear memory policy: store only user-confirmed preferences or decisions, avoid raw metrics/regression facts, and provide an easy forget/delete path.
Saved notes may shape future recommendations and responses.
Durable notes are intentionally reused across sessions, which is useful for preferences but can influence future agent behavior if incorrect, stale, or overly broad data is saved.
Aero ships with a built-in durable notes store ... backed by the `agent_memory` table. The N most-recently-updated notes are injected into the system prompt at every session start
Review what the skill remembers, keep memory entries short and verified, and delete stale or sensitive notes.
If configured, the agent may have enough account access to change client website pages or layouts.
The optional WordPress/Elementor MCP workflow uses application-password credentials, including examples for staging and production sites, to read and modify website content.
Application Password created for API auth ... Base64-encoded credentials ... "Authorization": "Basic BASE64_CREDENTIALS"
Use least-privilege WordPress credentials, prefer staging first, avoid sharing production credentials unless necessary, and require explicit approval before any production change.
Careless use could spend quota or change what a project tracks.
Discovery runs can consume provider budget, and promotion commands mutate tracked queries or competitors, but the docs also call for previewing and user approval before writes.
Per session: ~$1 at the default probe budget ... Promote with ... `cnry discover promote <project> <session-id>`
Keep confirmation required for sweeps, discovery runs, and promotions; preview changes before applying them.
The agent may execute code from an external package source when running audits.
The workflow runs an external npm package through npx, while the registry has no install spec or pinned dependency information for this instruction-only skill.
`npx @ainyc/aeo-audit "<domain>" --format json`
Verify the npm package publisher and version, prefer pinned versions or a reviewed local install, and avoid running untrusted package code in sensitive environments.
The agent may surface analysis without a fresh user prompt when connected workflow events occur.
The skill supports event-triggered proactive responses, but the documented action is a bounded summary and recommendation rather than autonomous mutation.
When you wake on `aeo-discover-probe.completed` ... Respond with: ... A single recommended next step
Ensure event-triggered runs are expected by the workspace and keep automatic responses read-only unless the user approves changes.
