Distribb SEO Agent Skill: Backlinks Exchange, Writer, Keyword Research

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Distribb is coherent as an SEO publishing skill, but it can use an API key to publish or schedule public CMS content, trigger social posts, and insert exchange backlinks without clear approval safeguards in the visible instructions.

Install only if you trust Distribb and want an agent to help manage public SEO content. Before use, tell the agent not to publish, schedule, or update anything without your explicit approval; review the article, backlinks, CMS destination, timing, and any auto-generated social posts first.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could publish or schedule business website content before the user has reviewed the final article, target project, CMS integration, and timing.

Why it was flagged

The skill provides direct API workflows for saving, scheduling, and publishing articles, but the visible instructions do not add an explicit final approval gate before these public-facing mutations.

Skill content

# 7. SUBMIT: Save to Distribb's content calendar ... "scheduled_date": "2026-04-01T09:00:00Z", "status": "Planned" ... # 8. PUBLISH: Push to CMS (or let it auto-publish on schedule)

Recommendation

Require explicit user confirmation before any create, update, schedule, or publish call, and show the final content and destination first.

What this means

A single mistaken publish action could create public posts across multiple business social accounts.

Why it was flagged

One publish action can propagate automatically across multiple connected social platforms, and the visible artifacts do not require per-platform preview or approval.

Skill content

When you publish an article, Distribb automatically generates social media posts for every platform the user has connected (X, LinkedIn, Reddit, etc.).

Recommendation

Confirm connected platforms and require preview/approval of social posts before publishing, or disable automatic repurposing when not wanted.

What this means

Articles may include third-party backlinks that affect brand reputation, SEO compliance, or editorial standards.

Why it was flagged

The skill tells the agent to include provider-selected external links in generated articles when backlink participation is enabled; this is purpose-aligned but can steer editorial content.

Skill content

BACKLINK TARGETS (REQUIRED if BecklinksNetworkParticipation is "Yes") ... Do NOT skip this step. ... You MUST include 1-2 URLs from the backlink-targets response as natural references.

Recommendation

Review and approve each backlink target before it is included in content, especially before publishing.

What this means

Anyone or any agent with this key may be able to access or change Distribb project content depending on the key's permissions.

Why it was flagged

The API key is expected for Distribb, but it appears to authorize access to projects, business context, integrations, article creation, updates, and publishing.

Skill content

All requests require the header: `Authorization: Bearer $DISTRIBB_API_KEY`

Recommendation

Use the least-privileged key available, store it securely, rotate it if exposed, and revoke it when no longer needed.

What this means

The generated content may follow outdated or unwanted brand instructions from the Distribb account.

Why it was flagged

Retrieved business context and custom instructions are intended to influence article generation; if stale, compromised, or overly broad, they could steer outputs unexpectedly.

Skill content

BUSINESS CONTEXT: Get brand voice, competitors, custom instructions

Recommendation

Treat returned business context as advisory context, not higher-priority instructions, and review it before relying on it for public content.