Ahrefs Connection
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward Ahrefs API helper, but it needs an Ahrefs API key and can make authenticated calls that use your API allowance.
Before installing, be prepared to provide an Ahrefs API key only through a secure method such as an environment variable. Prefer a key with usage limits, review large or batch API calls, and monitor Ahrefs limits/usage so the agent does not unintentionally consume more API units than intended.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make authenticated Ahrefs API requests for SEO tasks, potentially using monthly API quota or paid units.
The skill relies on direct API/curl calls and encourages batching. This is expected for an Ahrefs integration, but those requests can consume paid or limited API units.
Use `curl` or similar tools to call the Ahrefs API. Base URL: `https://api.ahrefs.com/v3` ... **Batch requests** when possible (up to 100 targets) ... Each request consumes API units
Use an API key with a monthly unit cap where possible, review large or batch requests, and keep result limits narrow.
Anyone or any agent action using the key can access Ahrefs API data permitted by that key and consume the associated API allowance.
The skill requires an Ahrefs bearer token. This credential use is purpose-aligned, but it grants account/workspace API access and should be handled carefully.
All API requests require an API key passed via the `Authorization` header: `Authorization: Bearer YOUR_API_KEY` ... `export AHREFS_API_KEY="your-api-key-here"`
Store the key securely, avoid pasting it into chats, scope or cap it if Ahrefs allows, and revoke/rotate it if it may have been exposed.