RankForge
PassAudited by ClawScan on May 1, 2026.
Overview
RankForge appears to be a coherent SEO API helper, with the main caveat that it sends submitted SEO data and an API key or email to its external provider.
Use RankForge only if you are comfortable sending target URLs, keywords, competitor domains, and an email/API key to the RankForge endpoint at https://anton.vosscg.com. Treat generated API keys as secrets, review the small shell helper before using it, and make sure RANKFORGE_API_URL is not set to an unintended endpoint.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the helper may send your email to the provider and may expose the generated RankForge API key in terminal output or agent logs.
The helper uses an API key or an email-based signup flow and prints a generated key. This is aligned with the RankForge API purpose, but it is credential and email handling that users should notice, especially because the registry metadata declares no credential or env var requirements.
API_KEY="${RANKFORGE_API_KEY:-}"
EMAIL="${RANKFORGE_EMAIL:-}"
... echo "✅ Free key: $API_KEY" >&2Use a service-specific email or key, treat the key as a secret, and avoid sharing logs that contain it.
You have less external context for verifying who operates the API endpoint before sending SEO data or credentials.
The registry metadata does not provide source or homepage provenance for the provider/package. The included helper is short and consistent with SKILL.md, so this is a provenance note rather than evidence of hidden behavior.
Source: unknown Homepage: none
Review the included shell helper and verify the provider endpoint before supplying API keys, emails, or sensitive site information.