Aaron SEO GEO

Security checks across malware telemetry and agentic risk

Overview

The visible files describe a coherent SEO/GEO assistant pack; the main things to notice are optional account integrations, automatic hooks, and persistent project memory.

This appears safe to install for SEO/GEO workflows if you are comfortable with its optional integrations and memory features. Before using it with real business data, review which MCP connectors you enable, grant minimal account permissions, and keep the project memory directory private.

VirusTotal

No VirusTotal findings

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

The skill may run bundled hook logic during supported Claude Code events, depending on the host configuration.

Why it was flagged

This shows the pack is not purely passive Markdown in Claude Code: it can use lifecycle hooks that run command-backed checks. The behavior is disclosed and appears tied to guardrails/memory, but users should be aware.

Skill content

Hook automation: `hooks/hooks.json` — command-backed hooks for SessionStart, UserPromptSubmit, PostToolUse checks, and a silent allow-only Stop check

Recommendation

Review the hook configuration before enabling it, and disable hooks in the host if you only want static SEO/GEO instructions.

ASI03: Identity and Privilege Abuse
Medium
What this means

If you connect these services, the agent may be able to read or act through those accounts according to the permissions you grant.

Why it was flagged

Optional connectors can authenticate to third-party accounts, including services that may affect analytics, hosting/CDN, CMS content, or collaboration data. The artifacts say this requires interactive setup and is optional.

Skill content

Most new servers (Semrush, SE Ranking, SISTRIX, SimilarWeb, Cloudflare, Vercel, Webflow, Sanity, Contentful) use **OAuth** — authentication happens interactively on first use

Recommendation

Grant only the minimum scopes needed, connect only providers you trust, and review high-impact actions such as CMS, CDN, deployment, or Slack changes before approving them.

ASI06: Memory and Context Poisoning
Medium
What this means

Information saved in memory files may be reused later and could affect future recommendations or expose sensitive project details in model context.

Why it was flagged

Persistent project memory can influence future sessions and may contain audit findings, competitor URLs, keywords, or entity data. The behavior is disclosed and includes privacy guidance.

Skill content

Session hooks may read `memory/hot-cache.md` and `memory/wiki/*/index.md` into model context

Recommendation

Keep memory files out of public repos, review them for sensitive data, and periodically purge or archive old memory according to the documented workflow.

ASI07: Insecure Inter-Agent Communication
Low
What this means

When configured, SEO, analytics, CMS, hosting, or chat data may flow through third-party MCP providers.

Why it was flagged

The plugin defines multiple remote MCP endpoints. These external agent/tool channels are explicit and purpose-aligned, but they create data boundaries users should understand when enabled.

Skill content

"mcpServers": { "ahrefs": { "url": "https://api.ahrefs.com/mcp/mcp" }, ... "slack": { "url": "https://mcp.slack.com/mcp" } }

Recommendation

Enable MCP servers selectively, confirm each provider endpoint and privacy policy, and avoid sending confidential content to connectors that are not needed for the task.