ClawHub
Back to skill
v1.0.0

Sa Clean

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:33 AM.

Analysis

This looks like a normal SEO-audit helper, but it asks for an Anthropic API key for AI features and refers to a Python script that is not included in the supplied files.

GuidanceBefore installing, verify that the missing seo_audit_skill.py file is available from a trusted source, use a budget-limited Anthropic API key if possible, and only audit pages whose content you are comfortable sharing with an external AI service.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
Uses `seo_audit_skill.py` (in this directory).

The supplied file manifest lists only SKILL.md, so the referenced Python entrypoint is not present in the reviewed artifacts.

User impactThe skill may not run as described, and the actual implementation cannot be reviewed from the supplied package.
RecommendationConfirm the referenced Python file is present from a trusted source before running it or providing credentials.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Premium tier (ANTHROPIC_API_KEY): Full 50+ check crawl + AI analysis (Claude Haiku, ~$0.003/audit)

The skill uses a provider API key for Claude-based analysis and generation, which is expected for the stated premium features but still grants access to the user's Anthropic account and billing.

User impactUsing the skill with premium features can consume Anthropic API credits and relies on the user's API credential.
RecommendationUse a scoped or budget-limited Anthropic key where possible, and only provide it if you intend to use the AI-powered features.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceMediumStatusNote
SKILL.md
Makes HTTP requests with BeautifulSoup for crawling, Claude Haiku for AI analysis.

The artifact discloses website crawling and external AI-provider analysis, but it does not spell out detailed payload, retention, or privacy boundaries.

User impactURLs, page content, keywords, or generated prompts may be processed by an external AI provider during premium analysis.
RecommendationAudit only websites and content you are comfortable sending to the AI provider, and avoid private or internal URLs unless that data sharing is acceptable.