GEO Performance Analysis
Pass
Audited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill
Name: geo-analyzer
Version: 1.0.5
The skill bundle is a legitimate tool for Generative Engine Optimization (GEO) analysis, using a multi-stage pipeline to evaluate brand mentions in LLM outputs via the DeepSeek API. The code in main.py follows security best practices by retrieving API keys from environment variables, using structured data validation with Pydantic, and restricting network calls to the official DeepSeek endpoint (api.deepseek.com).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume the user's DeepSeek API quota and requires protecting the API key.
The skill uses a DeepSeek API key from the environment to make provider API calls. This is sensitive account authority, but it is expected for the stated API-based analysis and is not hardcoded.
api_key = os.getenv("DEEPSEEK_API_KEY") ... base_url="https://api.deepseek.com/v1"
Use a dedicated or restricted DeepSeek API key where possible, set it only in a trusted environment, and monitor provider usage/costs.
Brand/category terms and resulting analysis context may be visible to the DeepSeek API provider.
The brand name, category keyword, and generated recommendation text are sent through DeepSeek chat-completion calls. This matches the skill purpose and the SKILL.md disclosure, but it is still an external provider data flow.
probing_prompt = f"作为一个客观的行业专家,请为我推荐几个优秀的【{category_keyword}】解决方案..." ... judge_user_prompt = (f"目标品牌/产品:{brand_name}\n\n" f"待分析文本:\n{probing_text}\n\n")
Avoid submitting confidential launch names, private strategy terms, or regulated data unless DeepSeek's data handling terms are acceptable.
Dependency behavior could change over time if newer package versions are installed.
The declared dependencies are package-version ranges rather than pinned artifacts, so a future install can resolve different dependency versions. This is common for Python skills and is not suspicious by itself.
openai>=1.0.0
pydantic>=2.0.0
python-dotenv>=1.0.0
For production or sensitive use, install in a clean virtual environment and consider pinning exact dependency versions.
