SEO Content Engine

This skill mostly does what its description says (scrape competitors and call Gemini to generate copy), but there are three things to consider before installing or running it: 1) GEMINI_API_KEY requirement: The code requires a Gemini API key but the registry metadata omitted any required env vars. Confirm where you should provide the API key and avoid placing other secrets in the same .env file. Prefer passing only the GEMINI_API_KEY via a secure, explicit mechanism rather than relying on a hard-coded file path. 2) Hard-coded .env path: engine.py loads /Users/edwin/.openclaw/workspace/dreams-arts/.env. That is a user-specific path and will pull any variables from that file into the process environment. Either change the code to accept a configurable path or ensure that file contains no secrets you don’t want the script to access. 3) Local Chrome CDP exposure: The script connects to Chrome on localhost:9222 to reuse an active Google session for scraping. This gives the script access to your browser context (open tabs, cookies, session state). Only run this in an environment where you consent to that access — ideally in a disposable or isolated profile/browser instance with no sensitive accounts logged in. Additional suggestions: review the rest of the script (generation calls truncated in provided file) to confirm it does not transmit scraped content or cookies to any unexpected remote endpoints beyond the Gemini API. If you need lower risk, run the research step separately in a controlled environment (or use skip-research) and keep the generation step limited to supplying only the minimal required inputs (keyword and a dedicated API key). If the author can update the skill to remove the hard-coded .env path and declare GEMINI_API_KEY in metadata, my concerns would be reduced.