ClawHub
Back to skill
v0.1.5

Seo Content Brief

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:30 AM.

Analysis

This is a coherent SEO briefing skill, but it relies on an external CLI, login, and third-party search apps that users should review before use.

GuidanceThis skill appears safe for normal SEO content planning. Before installing, verify the inference.sh CLI source, understand that `infsh login` uses an external account, and avoid submitting confidential client or internal strategy details to the search/extraction apps.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
allowed-tools: Bash(infsh *)

The tool permission permits any `infsh` command, not only the specific SEO search and extraction commands shown in the examples.

User impactIf invoked broadly, the agent could use other inference.sh CLI functions beyond the documented SEO workflow.
RecommendationUse the skill for the documented SEO research workflow and review any proposed `infsh` command that is not a search or extraction step.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
curl -fsSL https://cli.inference.sh | sh && infsh login

The quick start asks the user to install an external CLI by piping a remote script to the shell. This is disclosed and purpose-aligned, but it depends on trusting that remote install source.

User impactInstalling the CLI runs code from inference.sh on the user’s machine.
RecommendationPrefer the documented manual install and checksum verification, and only install from the official inference.sh domain.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
infsh login

The workflow requires logging in to the external inference.sh CLI, even though the registry metadata declares no primary credential.

User impactThe skill may operate using the user’s inference.sh account/session and any permissions or billing associated with it.
RecommendationLog in with the intended account only, review inference.sh account permissions and usage costs, and log out if the CLI should no longer be available.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
infsh app run tavily/search-assistant --input ...; infsh app run tavily/extract ...; infsh app run exa/search ...

The skill sends search queries and URLs to external inference.sh apps backed by search/extraction providers.

User impactSEO keywords, competitor URLs, or client research topics entered into the workflow may be shared with external services.
RecommendationAvoid entering confidential client strategy, unreleased product names, or sensitive internal URLs unless those providers are approved for that data.