AEO Analytics Free
v1.0.0Track AI visibility — measure whether a brand is mentioned and cited by AI assistants (Gemini, ChatGPT, Perplexity) for target prompts. Runs scans, tracks me...
⭐ 0· 977·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md explicitly names a Gemini API key (GEMINI_API_KEY) as the primary method and describes grounding via Google Search, which is coherent with the skill's purpose. However the registry metadata declares no required environment variables or primary credential and no config paths. The skill also writes per-domain JSON files (aeo-analytics/<domain>.json) yet no storage/config path was declared in metadata. These inconsistencies mean the declared capabilities do not match the metadata advertised to the platform.
Instruction Scope
Runtime instructions tell the agent to: call the Gemini API with grounding, use web_search and optional web_fetch, search response text for brand names, and create/append a local JSON data file per domain. The scope is otherwise focused on scanning and reporting and does not ask to read arbitrary host files, but it does instruct persistence of scan history and suggests storing an API key in environment variables or the agent keychain. The SKILL.md's instructions therefore require access to external network services and local file write; those actions are reasonable for analytics but the metadata did not declare them.
Install Mechanism
Instruction-only skill with no install spec or code files. This minimizes installation risk because nothing is downloaded or executed on install.
Credentials
SKILL.md requires GEMINI_API_KEY (and suggests storing it in env or keychain), yet the registry lists no required env/primary credential. Requesting an API key is proportionate to the described Gemini-grounding functionality, but the platform metadata should declare this. Additionally, local storage of scan history (which may include excerpts of AI responses and cited URLs) implies persistent sensitive data — the skill asks for no deliberate data-scope limits in metadata.
Persistence & Privilege
always:false (normal) and the skill does not request elevated platform privileges. It will persist scan history to disk (aeo-analytics/<domain>.json) and suggests storing API keys in the agent keychain or env. Persisting user data and API keys locally is expected for this use case, but users should be aware that scan results and possibly API keys will be stored unless they change defaults.
What to consider before installing
Before installing, verify the skill's source and update metadata: confirm the publisher and check the GitHub repo referenced in SKILL.md. Expect that the skill will (a) call external services (Gemini + web searches), (b) persist scan history to a local JSON file (aeo-analytics/<domain>.json), and (c) needs a GEMINI_API_KEY stored in env or the agent keychain. Ask the publisher to update registry metadata to declare GEMINI_API_KEY and the config/storage path. If you proceed, limit exposure by: using a scoped or revocable API key, choosing a safe data-file location, reviewing any stored scan contents for sensitive info, and testing on non-production data first. If you cannot verify the source or metadata, do not install.Like a lobster shell, security has layers — review code before you run it.
latestvk974kvsjr7s53tppp7pcpjtrt9816njq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.