CEORater

PassAudited by ClawScan on May 1, 2026.

Overview

CEORater appears to be a straightforward read-only API skill; the main thing to review is that it requires a CEORater API key and sends authorized queries to CEORater.

Install only if you are comfortable providing a CEORater API key and sending CEO/company research queries to CEORater’s API. The artifacts show read-only API usage and no hidden persistence or destructive behavior.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI03: Identity and Privilege Abuse

What this means

Requests made through the skill are authorized with your CEORater account key and may be subject to your subscription, rate limits, and provider terms.

Why it was flagged

The helper sends the user's CEORater API key as a bearer token to the provider API. This is purpose-aligned and disclosed, but it is credentialed account access.

Skill content

curl -sS --fail-with-body -H "Authorization: Bearer $CEORATER_API_KEY"

Recommendation

Use a dedicated CEORater API key, store it securely, avoid sharing logs or config files containing it, and rotate the key if exposed.