v1.1.0

GEO Optimization

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:54 AM.

Analysis

This is mostly a GEO content-optimization guide; optional monitoring scripts are related but use a Perplexity API key, external API calls, and local history files if run.

GuidanceThe content guidance itself is low-risk. Only run the monitoring scripts if you intend to use a Perplexity API key, send the listed queries to Perplexity, and store local result history; edit the hardcoded workspace path and Gameye-specific queries before reusing the automation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

scripts/geo-monitor.py

requests.post("https://api.perplexity.ai/chat/completions", headers={"Authorization": f"Bearer {api_key}" ...}, json={"model": "sonar-pro", "messages": [{"role": "user", "content": query}]}, timeout=30)

Running the monitor sends test queries to Perplexity's API. This is aligned with the GEO monitoring purpose, but it is an external API operation.

User impactQueries may be shared with Perplexity and could incur usage costs under the configured API key.

RecommendationReview the query list before running bulk tests and avoid putting confidential business information in ad hoc queries.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

scripts/geo-daily-monitor.sh

WORKSPACE="/Users/awalker/clawd"
cd "$WORKSPACE"
python3 scripts/geo-monitor.py --test

The daily helper script contains a hardcoded personal workspace path, showing that the included automation is tailored to one environment rather than packaged as a generic installable workflow.

User impactThe helper may fail, run from an unintended directory, or require editing before it is safe and useful in another workspace.

RecommendationInspect and adapt the scripts, paths, and Gameye-specific query set before scheduling or relying on the monitoring automation.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/geo-monitor.py

env_path = Path(__file__).parent.parent / ".env" ... os.environ[key] = value ... api_key = os.getenv("PERPLEXITY_API_KEY")

The monitor imports values from a local .env file and uses a Perplexity API key. This is expected for Perplexity monitoring, but users should notice that the registry requirements declare no required credentials.

User impactIf you run the monitor, it will use a local Perplexity API key and may consume that account's API quota.

RecommendationUse a scoped Perplexity key, keep unrelated secrets out of the working .env where practical, and only run the scripts when you intend to perform API-backed monitoring.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityInfoConfidenceHighStatusNote

scripts/geo-monitor.py

history_dir = Path("geo-history") ... data = {"query_id": query_id, "query": query, "timestamp": timestamp, "result": result, "analysis": analysis} ... json.dump(data, f, indent=2)

The monitor stores queries, returned Perplexity content, citations, and analysis locally for later reporting.

User impactLocal history files may retain competitive research queries or other sensitive prompt text if you include it.

RecommendationTreat geo-history as local working data, avoid sensitive queries unless needed, and delete or protect the history directory when appropriate.