Skill v1.0.0

ClawScan security

RankForge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 2:38 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match an SEO API client, but metadata omits the required environment variables and the service endpoint is an unverified third‑party domain; this mismatch and potential data exposure warrant caution.
Guidance
This skill appears to be a small client for an SEO API and will send URLs and any provided JSON to https://anton.vosscg.com. Before installing or using it:
1. Verify the service/provider: no homepage is listed and the domain is unverified.
2. Be aware you must supply RANKFORGE_API_KEY or RANKFORGE_EMAIL even though the registry metadata omits these; treat any API keys or emailed signup tokens as sensitive.
3. Avoid sending sensitive site content or credentials to the third party.
4. Note that the helper script prints the API key to stderr, which can leak into logs; remove or redact that line, or run the script only in a controlled environment where stderr is not captured.
5. If you need stronger assurance, ask the publisher for a homepage/company info, an explicit requires.env listing, and a privacy/security policy for data submitted to the API.

Review Dimensions

Purpose & Capability
note: The SKILL.md, description, and the included script all align with an SEO analysis API client (site audits, keyword research, etc.). However, the registry metadata declares no required environment variables or primary credential, while both SKILL.md and the script expect RANKFORGE_API_KEY or RANKFORGE_EMAIL (and optionally RANKFORGE_API_URL). That mismatch is an inconsistency: the credential requirement should have been declared in the metadata.
Instruction Scope
note: Instructions tell the agent to POST site URLs and analysis requests to https://anton.vosscg.com. Nothing in the instructions asks the agent to read local files or other unrelated system state. However, the skill will transmit user-provided URLs and any JSON payloads to a third-party endpoint, so users should consider the privacy of the data sent.
Install Mechanism
ok: No install spec; the skill is instruction-only with a small helper bash script. No archives or external installers are downloaded, so the registry package itself poses no filesystem install risk.
Credentials
concern: Although the registry metadata lists no required env vars, both SKILL.md and the script require RANKFORGE_API_KEY or RANKFORGE_EMAIL and optionally read RANKFORGE_API_URL. This undeclared credential requirement goes beyond what the metadata declares and reduces transparency. The script also echoes the retrieved API key to stderr ("✅ Free key: $API_KEY"), which can leak the secret into logs.
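The two findings above (undeclared RANKFORGE_* environment variables under Purpose & Capability, and the key echoed to stderr under Credentials) are both checkable statically before installing a skill. The script below is an added example, not ClawHub's scanner or the RankForge skill's own code: the helper script and empty requires.env it inspects are constructed stand-ins written to mirror what the scan describes, and the real package contents are an assumption. It lists env vars the script reads but the metadata does not declare, flags echo/printf lines that print a secret-looking variable, and shows a masked form that is safe to log in place of the raw key.

```shell
#!/usr/bin/env bash
# Added example, not ClawHub's scanner or the RankForge skill's own code.
# Two static checks a reviewer can run over a skill package before installing it:
#   1. environment variables the helper script reads but requires.env does not declare
#   2. echo/printf lines that print a variable whose name looks like a secret
# plus a masking helper that is a safer replacement for the reported stderr line.
set -u
LC_ALL=C
export LC_ALL

# Constructed stand-in for the skill's helper script, written to mirror what the
# scan describes (RANKFORGE_* variables, a signup fallback, the "Free key" line).
# The real script is an assumption here and may differ.
SAMPLE_SCRIPT='#!/bin/bash
API_URL="${RANKFORGE_API_URL:-https://anton.vosscg.com}"
API_KEY="${RANKFORGE_API_KEY:-}"
if [ -z "$API_KEY" ] && [ -n "${RANKFORGE_EMAIL:-}" ]; then
  API_KEY=$(curl -s "$API_URL/signup?email=$RANKFORGE_EMAIL")
  echo "✅ Free key: $API_KEY" >&2
fi
curl -s -H "Authorization: Bearer $API_KEY" "$API_URL/audit" -d "$1"'

# Constructed stand-in for the registry metadata: requires.env is empty, as the scan reports.
DECLARED_ENV=""

# Names the script reads ($NAME or ${NAME...}) that it never assigns itself,
# i.e. values it expects from the caller's environment. One per line.
referenced_env() {
  script=$1
  reads=$(printf '%s\n' "$script" | grep -oE '\$\{?[A-Z][A-Z0-9_]*' | tr -d '${' | sort -u)
  for name in $reads; do
    if ! printf '%s\n' "$script" | grep -qE "^[[:space:]]*${name}="; then
      printf '%s\n' "$name"
    fi
  done
}

# Referenced env vars missing from the space-separated declared list.
undeclared_env() {
  script=$1
  declared=$2
  for name in $(referenced_env "$script"); do
    case " $declared " in
      *" $name "*) ;;
      *) printf '%s\n' "$name" ;;
    esac
  done
}

# Lines (with line numbers) that echo/printf a variable whose name contains
# KEY, TOKEN, SECRET or PASS. Exit status 1 when nothing matches.
leaky_echoes() {
  printf '%s\n' "$1" |
    grep -nE '^[[:space:]]*(echo|printf)[[:space:]].*\$\{?[A-Za-z0-9_]*(KEY|TOKEN|SECRET|PASS)'
}

# Safer thing to log instead of the key: its length and last four characters,
# enough to tell two keys apart without exposing either.
mask_secret() {
  s=$1
  n=${#s}
  if [ "$n" -le 8 ]; then
    printf '****(%d chars)\n' "$n"
  else
    printf '****%s (%d chars)\n' "${s#"${s%????}"}" "$n"
  fi
}

echo "Env vars the script reads but requires.env does not declare:"
undeclared_env "$SAMPLE_SCRIPT" "$DECLARED_ENV"
echo "Lines that print a secret-looking variable:"
leaky_echoes "$SAMPLE_SCRIPT" || echo "(none)"
echo "Log this instead of the raw key: $(mask_secret 'rf_live_0123456789abcdef')"
```

On the constructed input the first check reports RANKFORGE_API_KEY, RANKFORGE_API_URL and RANKFORGE_EMAIL (API_KEY and API_URL are assigned inside the script and so are not treated as external), and the second flags only the "Free key" echo, not the curl line that legitimately uses the key in a header. To run the same checks on a real package, replace SAMPLE_SCRIPT with the contents of its helper script and DECLARED_ENV with the names in its requires.env.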
Persistence & Privilege
ok: The skill does not request permanent presence (always:false), does not modify other skills or system-wide settings, and does not write persistent config. Autonomous invocation is allowed (platform default) but is not by itself a new risk here.