Skill v1.0.2
ClawScan security
SEO Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 30, 2026, 8:45 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is an instruction-only SEO reviewer that visits public URLs and analyzes visible page elements; its requirements and instructions are internally consistent but a couple of behavioral details (progress storage and handling of authenticated/private pages) are underspecified.
- Guidance: This skill looks coherent for doing visibility-based SEO reviews of public pages and has low install risk since it is instruction-only. Before installing or using it: (1) confirm how and where 'previous reviews' or tracking data are stored (agent local memory vs external service) and whether you can delete that data; (2) avoid asking the skill to audit pages behind authentication or internal sites unless you understand how credentials will be provided and stored; (3) be aware the agent will fetch the page HTML/visible content you provide—do not supply URLs that expose sensitive tokens or private content; (4) consider disabling autonomous invocation or restricting automated periodic scans if you don’t want the agent to fetch URLs without explicit consent; (5) if provenance matters, ask the publisher for a homepage or privacy policy (none is provided here). These checks will reduce privacy surprises while using an otherwise coherent SEO-audit skill.
Review Dimensions
- Purpose & Capability (ok): The name/description (SEO audit, check title/meta/headers/content) matches the SKILL.md instructions. The declared behavior—using a built-in browser to inspect visible page elements and produce checklist-based recommendations—is coherent with the stated purpose.
- Instruction Scope (note): Instructions are narrow and focus on visiting URLs and inspecting visible content (title tag, meta description, headings, images, internal links, robots/sitemap, HTTPS, viewport, load time, readability). They do not instruct reading local files, environment variables, or unrelated system state. However, 'Tracking Progress' is mentioned without specifying where or how reviews are stored (agent memory, user account, external service), which is ambiguous and could affect privacy or persistence.
- Install Mechanism (ok): There is no install spec and no code files; the skill is instruction-only, so nothing will be written to disk or downloaded during install. This is low risk and proportionate for the described functionality.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. That is appropriate for an analyzer that only visits publicly accessible pages. There are no unexplained credential requests.
- Persistence & Privilege (note): 'always' is false and the skill is user-invocable (normal). The SKILL.md's 'tracking progress' and comparison features imply some state or saved reviews, but the skill doesn't declare where state is stored or whether data is transmitted to any external storage—this ambiguity should be clarified before trusting long-term storage or automated recurring scans.
