Ahrefs Complete SEO Suite
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can use your Ahrefs API access and allowance for SEO requests, and the token could be exposed if terminal output or logs are shared.
The skill requires a persistent Ahrefs API token and suggests a verification command that can display it; this is expected for Ahrefs API access but is still an account credential.
echo "AHREFS_API_TOKEN=your_token_here" >> ~/.openclaw/workspace/.env ... grep AHREFS ~/.openclaw/workspace/.env
Store the token only in the workspace .env file with restrictive permissions, avoid printing the full token, and rotate/revoke it if it is exposed.
Large or repeated SEO queries could use up Ahrefs API units or hit rate limits.
The skill is designed to call Ahrefs APIs, including bulk and large-result queries, which can consume the user's paid API quota.
Each API request consumes units from your monthly allowance ... Cost depends on rows returned (minimum 50 units per request)
Set clear limits for broad or batch requests, use small result limits when possible, and review API usage in Ahrefs after large analyses.
If a user manually clones an untrusted repository, they could install different content than the reviewed instruction-only skill.
The optional manual installation path uses an unspecified repository placeholder, so provenance depends on what URL the user chooses. The provided artifacts themselves contain no runnable code.
git clone <repo-url> ahrefs
Install from the official ClawHub/OpenClaw listing when possible, or verify the repository owner and commit before manual installation.