ClawHub

SEO Assistant

v1.0.0

AI-powered SEO analysis and optimization. Audit HTML pages, rewrite meta tags, research keywords, generate schema markup, and create sitemaps. Powered by evo...

0· 46·0 current·0 all-time
by@evolinkai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (python3, curl), and required env var (EVOLINK_API_KEY) match the behavior: local HTML auditing (python) and remote AI analysis (curl + API key). The included npm installer simply copies skill files into a workdir and is proportional to distributing a CLI-style skill.
Instruction Scope
SKILL.md and scripts are explicit: local commands (audit, sitemap) run locally and do not transmit data; AI commands (check, rewrite, keywords, schema) POST HTML or topic text to https://api.evolink.ai. The check command fetches target URLs with curl (head-cropped to 15k) which means running checks against internal/intranet URLs could send internal page content externally if the user invokes it. The scripts create temporary files for payloads and attempt to remove them via trap.
Install Mechanism
There is no registry install spec in the metadata, but the package includes a harmless npm installer (copies skill files to a skills/ directory, writes .clawhub/lock.json and .clawhub-origin.json). No remote downloads or obfuscated installers are present; install behavior is straightforward file copy.
Credentials
Only EVOLINK_API_KEY is required (with optional EVOLINK_MODEL). The installer also reads optional CLAWHUB_WORKDIR/CLAWDHUB_WORKDIR environment variables to determine a workdir, which is reasonable. No unrelated credentials or broad secrets are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configurations. The installer writes the skill into a 'skills/<slug>' folder and updates a .clawhub lock file in the chosen workdir — expected for an installed skill.
Assessment
This skill appears to be what it says, but review these points before installing or using it: - AI features transmit page HTML or topic text to api.evolink.ai using the EVOLINK_API_KEY you provide. Do not send sensitive/private content (internal dashboards, pages behind auth) unless you trust Evolink and the API key's usage policy. Testing against internal URLs may leak internal content. - The installer (npm/bin/install.js) will copy files into a skills/ directory under a discovered workdir (or current working directory) and will write .clawhub/lock.json and .clawhub-origin.json. Run the installer in a safe/empty directory if you want to inspect files first. - The scripts use curl and python3 and create temporary payload files that are removed via trap; still inspect the scripts if you have strict security requirements. - Use a dedicated or limited-scope API key for Evolink rather than a long-lived/privileged secret. If you only need local audits or sitemap generation, you can avoid setting EVOLINK_API_KEY and keep all work local. If you want higher assurance, verify the Evolink service (https://api.evolink.ai) privacy/retention policy and review the included scripts in your environment before running any command that contacts external URLs or the API.

Like a lobster shell, security has layers — review code before you run it.

latestvk9706t60p0yyy1zbsf1d4f2yyd84pt2y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, curl
EnvEVOLINK_API_KEY
Primary envEVOLINK_API_KEY

Comments