ValueSERP Rank Checker
AdvisoryAudited by Static analysis on May 9, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your ValueSERP account quota and sends the API key to ValueSERP as part of normal API requests.
The script reads the declared ValueSERP API key from the environment and uses it in requests to the fixed ValueSERP endpoint. This is necessary for the integration, but it is still credential-backed access.
api_key = os.environ.get("VALUESERP_API_KEY") ... "api_key": api_key ... base_url = "https://api.valueserp.com/search"Use a dedicated ValueSERP key if possible, monitor API usage, and avoid sharing logs or configuration that might expose the key.
The skill may fail on systems without python3 even though the metadata does not declare that requirement.
The documented workflow depends on python3, while the registry requirements state that no required binaries are needed. This is a minor runtime metadata gap, not evidence of hidden installation or unsafe dependency use.
python3 scripts/check_rank.py "<keyword>" <domain>
Declare python3 as a required binary or ensure the runtime provides it before installing.