IndexLift SEO Auditor
v1.0.0Use this skill when the user wants an SEO audit, technical SEO review, page-level Google or Yandex analysis, robots.txt or sitemap validation, canonical/inde...
⭐ 2· 314·0 current·0 all-time
byArtur Horosheff@horosheff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The repo contains a self-contained Node.js SEO auditor (crawler, HTML parser, checks, reporters). The files, dependencies (cheerio, fast-xml-parser, fs-extra), and npm-based usage are coherent with the declared purpose of page-level SEO audits for Google and Yandex. There are no declared env vars or external service credentials that would be out of place for an SEO auditor.
Instruction Scope
SKILL.md instructs the agent to run npm install and node scripts/run-audit.js against a user-provided URL, then read the generated JSON/Markdown artifacts. The instructions do not ask the agent to read unrelated system files, exfiltrate secrets, or call unknown external endpoints. The skill explicitly states it does not use paid APIs and documents what it does and does not measure (for example, it does not perform browser-rendered JS execution). The only external interaction is HTTP(S) fetching of the target site and any public sitemaps/robots links — expected for this purpose.
Install Mechanism
There is no custom install spec beyond 'npm install' in SKILL.md; package.json and package-lock.json are included. npm will fetch packages from the public registry (common libraries only). This is a typical moderate-risk install pattern (network retrieval from npm) but is proportionate to the Node.js tool's needs. No arbitrary archive downloads, URL shorteners, or personal servers are used in the manifest.
Credentials
The skill does not request environment variables, credentials, or config paths. Its runtime behavior (fetching pages, parsing HTML, saving artifacts) matches that. There are no signs in the code of accessing unrelated secrets or requiring cloud credentials.
Persistence & Privilege
The skill is not always-enabled (always: false) and is user-invocable. It requires node/npm to run but does not attempt to modify other skills or system-wide agent settings. It writes audit artifacts to an output path as part of normal operation.
Assessment
This skill appears to be what it says: a self-contained Node.js SEO auditor that will fetch the target page(s), parse HTML, and write JSON/Markdown reports. Before running it: (1) ensure you run it in a safe environment (it issues HTTP requests to the provided URL — do not point it at internal-only hosts you don't want probed), (2) be aware it performs network requests and will write files to the chosen output directory, (3) confirm your node version meets dependency requirements (some deps may expect a recent Node release) and consider running npm audit on the dependency tree, and (4) if you want to avoid any automated runs, don't grant the agent autonomous execution rights for this skill (the skill itself is not always-enabled, but agent platforms may invoke skills autonomously by default). If you need browser-rendered JS results or Core Web Vitals field data, note the skill explicitly does not provide those.Like a lobster shell, security has layers — review code before you run it.
GEOvk970caz29cnw7mrsxncjbcs3hd82psy2Googlevk970caz29cnw7mrsxncjbcs3hd82psy2SEOvk970caz29cnw7mrsxncjbcs3hd82psy2SEO, GEO, Yandex, Googlevk970caz29cnw7mrsxncjbcs3hd82psy2Sitevk970caz29cnw7mrsxncjbcs3hd82psy2Yandexvk970caz29cnw7mrsxncjbcs3hd82psy2latestvk970caz29cnw7mrsxncjbcs3hd82psy2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.