Ahrefs
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: ahrefs-seo Version: 0.1.1 The skill bundle provides instructions for an AI agent to perform SEO research using Ahrefs via the ClawLink integration service (claw-link.dev). It follows a standard OAuth-like pairing flow and uses dynamic tool discovery through the 'clawlink-plugin'. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found; the instructions include explicit safety rules such as requiring user confirmation for writes and protecting credentials.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill requires trusting and installing the ClawLink plugin in addition to the instruction-only skill.
The skill depends on a separate plugin that is not part of this artifact set. The install is user-directed and purpose-aligned, but users should recognize that the reviewed skill does not include the plugin's code.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the ClawLink plugin only from the expected ClawHub source and review its own permissions or verification information before use.
ClawLink will be able to act through the connected Ahrefs integration according to the permissions the user grants.
The skill delegates Ahrefs access and credential handling to ClawLink. This is expected for the integration, but it involves account authorization and provider permissions.
ClawLink ... handles hosted connection flows and credentials so you don't need to configure Ahrefs API access yourself.
Grant only the Ahrefs access needed, review the connected scopes or account permissions in ClawLink, and disconnect the integration if it is no longer needed.
Some connected tools may be able to change external account data if the user's Ahrefs/ClawLink permissions allow it.
The skill may expose dynamic Ahrefs tools that can include write or account-changing operations. The instructions add preview and confirmation controls, making this a purpose-aligned note rather than a concern.
For writes or anything marked as requiring confirmation, call `clawlink_preview_tool` first, then confirm with the user.
Review previews carefully and only approve write, bulk, destructive, or external-facing actions that match your request.
Credentialed integration requests will go through ClawLink rather than directly from the skill to Ahrefs.
The artifact discloses a data boundary between the local OpenClaw plugin and the ClawLink service. This is normal integration plumbing, but users should understand that credentialed tool calls depend on that external gateway.
The resulting device credential is stored locally in OpenClaw's plugin config and is only sent to `claw-link.dev`.
Use the provided ClawLink verification and documentation links to confirm the service and avoid pasting raw credentials into chat.