CEORater
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
Requests made through the skill are authorized with your CEORater account key and may be subject to your subscription, rate limits, and provider terms.
Why it was flagged
The helper sends the user's CEORater API key as a bearer token to the provider API. This is purpose-aligned and disclosed, but it is credentialed account access.
Skill content
curl -sS --fail-with-body -H "Authorization: Bearer $CEORATER_API_KEY"
Recommendation
Use a dedicated CEORater API key, store it securely, avoid sharing logs or config files containing it, and rotate the key if exposed.