AEO Prompt Frequency Analyzer
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims, but it uses a Gemini API key and sends the user’s prompt to Google, so users should be mindful of credentials, cost, and sensitive content.
This skill is reasonable to use if you are comfortable sending the analyzed prompt to Google Gemini and using your Gemini API quota. Before running it, set a dedicated Gemini API key, verify the Keychain item if using the example command, avoid sensitive prompt content, and keep runs/concurrency at modest values.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Large run counts or high concurrency could consume API quota or incur charges.
The skill is designed to make repeated concurrent Gemini API calls. This is disclosed and purpose-aligned, but users should notice that increasing these values can affect rate limits or API costs.
`--runs N` — Number of times to run the prompt (default: 10); `--concurrency N` — Max parallel API calls (default: 5; keep ≤5 to avoid rate limits)
Keep runs and concurrency modest, and confirm API cost expectations before large analyses.
The script can use the user’s Gemini API quota or billing account when invoked.
The skill requires a Gemini API key and suggests retrieving it from macOS Keychain. This is expected for Gemini API use, but it is sensitive credential handling and is under-declared by the registry metadata.
Gemini API key must be in `GEMINI_API_KEY` env var (stored in macOS Keychain under `nano-banana-pro`)
Use a dedicated or restricted Gemini API key, verify the Keychain item name before running the example command, and monitor API usage.
Sensitive or confidential prompt text would be transmitted to Google’s API.
The script sends the supplied prompt to Google’s Gemini API with Google Search grounding enabled. This is central to the skill’s purpose, but it means prompt contents leave the local environment.
`url = f"https://generativelanguage.googleapis.com/v1beta/models/{model}:generateContent?key={api_key}" ... "contents": [{"parts": [{"text": prompt}]}], "tools": [{"google_search": {}}]`
Avoid including secrets, private customer data, or confidential business information unless that use complies with your data handling policies.
