SEO Ranker
ReviewAudited by ClawScan on May 10, 2026.
Overview
SEO Ranker mostly matches its SEO purpose, but its setup and credential requirements are broader than necessary and should be reviewed before use.
Use this skill only after checking the setup commands. Prefer installing just the four named dependencies instead of running `update --all`, provide only the single model API key you want to use, and review any Maton/OAuth provider scopes before connecting SEO accounts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup could change other installed skills or pull newer, unreviewed dependency versions, affecting the agent beyond the SEO workflow.
The recommended setup uses unpinned latest installer commands and a bulk update of all ClawHub skills rather than only the four dependencies needed by this skill.
npx -y clawhub@latest install brave-search ... npx -y clawhub@latest update --all
Install only the named dependencies, avoid `update --all` unless you intentionally want a global update, and prefer pinned or verified versions when possible.
Users may expose or configure unnecessary AI-provider API keys for a workflow that should only need one model provider.
The frontmatter declares all four model provider keys as required, while the body says only one model key is necessary, creating an overbroad credential requirement.
"env":["BRAVE_API_KEY","MATON_API_KEY","OPENAI_API_KEY","ANTHROPIC_API_KEY","XAI_API_KEY","GEMINI_API_KEY"] ... "One summarize model key"
Set only the Brave and Maton keys and the single model-provider key you intend to use; the skill metadata should be corrected to express alternatives rather than requiring all provider keys.
Connected SEO or search-console accounts may be queried, and user-provided page content may be processed by external services during analysis.
The workflow can process user-provided content and use a gateway with third-party provider connections for SEO data. This is disclosed and purpose-aligned, but it crosses account/provider boundaries.
content_source (URL fetch, pasted text, or file path) ... `api-gateway` ... requires `MATON_API_KEY` ... active OAuth/connection per app
Connect only providers needed for the audit, review OAuth scopes in the provider control plane, and avoid submitting private content unless the provider terms are acceptable.