LLM Signal GEO Analyst

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears aligned with its stated LLM Signal workflow, but it sends your site ID/API key to the configured service, stores plan history, and may automatically carry out provider-marked safe actions.

This looks like a coherent LLM Signal integration. Install it only if you trust the configured LLM Signal endpoint, are comfortable sending the site ID and API key there, and understand which provider-labeled actions may run automatically versus requiring approval.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Provider-marked safe actions may be performed without a separate approval prompt.

Why it was flagged

The provider's plan output can drive automatic actions when labeled auto_safe. This is disclosed and guarded by approval rules for other action types, but users should understand the auto_safe boundary.

Skill content

Automatically execute only actions marked automation=auto_safe.

Recommendation

Before enabling this in sensitive projects, ask the agent to show planned auto_safe actions and restrict automatic changes to low-risk, reversible tasks.

What this means

Anyone controlling the configured base URL or the API key could affect access to the connected LLM Signal site/account.

Why it was flagged

The skill uses the required LLM Signal API key to authenticate to the configured base URL. This is expected for the integration, but it is sensitive account authority.

Skill content

curl -sS -X POST "${LLMSIGNAL_BASE_URL%/}/api/agent/v1/plan" ... -H "X-LLMSIGNAL-KEY: ${LLMSIGNAL_API_KEY}" ... "apiKey":"${LLMSIGNAL_API_KEY}"

Recommendation

Use the official HTTPS LLM Signal base URL unless intentionally self-hosting, and use a scoped or revocable API key if available.

What this means

Run history and outcomes may be retained by the provider and potentially influence later workflow analysis.

Why it was flagged

The skill explicitly stores workflow history with the provider. This is disclosed and relevant to the workflow, but it creates persistent context outside the local session.

Skill content

Use `persist=true` in plan calls to store run history and outcomes.

Recommendation

Avoid including secrets or sensitive business details in workflow outputs, and confirm the provider's retention controls if this matters for your site.