Ahrefs Complete SEO Suite

What to consider before installing: - Metadata mismatch: SKILL.md and INSTALL.md both instruct you to put AHREFS_API_TOKEN and AHREFS_API_PLAN into ~/.openclaw/workspace/.env, but the skill's registry metadata lists no required env vars or primary credential. Ask the publisher to fix the metadata or provide a trustworthy source repository before installing. - Unknown source/homepage: There is no homepage or source URL in the registry entry. Prefer skills with a verifiable repository or official publisher. Verify the repository contents (commit history, contributors) and confirm the skill comes from a trusted author. - Limit token scope and rotate: Use an API token with the minimum needed permissions if Ahrefs supports scoped tokens. Consider creating a dedicated API token for this skill and rotate it after testing. - Test in isolation: Try the examples manually (curl with your token) or run the skill in a sandboxed account/workspace and monitor API usage and logs for unexpected calls. - Check .env handling: Because the skill reads/writes ~/.openclaw/workspace/.env, confirm that only expected variables are present and that file permissions are restrictive (chmod 600). Remove the token from that file if you uninstall the skill. - Ask for clarification: Request that the maintainer update skill.json to declare AHREFS_API_TOKEN as required primaryEnv and AHREFS_API_PLAN as a required config, and publish a source URL. If they cannot or will not, treat installation as higher risk. If the author updates the registry metadata to correctly declare required env vars and provides a verifiable source repository, this assessment could move toward benign; absent that, proceed cautiously or prefer an officially published Ahrefs integration.