dfseo-cli

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to be a coherent DataForSEO CLI helper for SEO research, but it uses paid API credentials and installs an unpinned external package.

This looks suitable for SEO work if you trust the dfseo package and understand DataForSEO billing. Before installing, verify the package source, use limited or dedicated credentials, avoid exposing passwords in shared shells, and require dry-runs or explicit limits for large API jobs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may use your DataForSEO account and consume API credits when running SEO queries.

Why it was flagged

The skill uses DataForSEO account credentials and can persist them locally; this is expected for the service but grants the CLI access to a paid API account.

Skill content

Requires DataForSEO API credentials... export DATAFORSEO_LOGIN="your@email.com" ... DATAFORSEO_PASSWORD="your_api_password" ... dfseo auth setup ... saves to ~/.config/dfseo/config.toml

Recommendation

Use dedicated DataForSEO credentials where possible, keep the config file private, monitor account balance, and prefer explicit dry-runs or limits for expensive tasks.

What this means

You are trusting the current external dfseo package release to handle credentials and API calls correctly.

Why it was flagged

The installer fetches the latest dfseo package from pip without a pinned version. This is a normal CLI install path, but the installed code is supplied by the package index.

Skill content

pip install dfseo

Recommendation

Install from a trusted environment, consider pinning a reviewed package version, and verify the package source before using production credentials.

What this means

A broad or raw request could submit larger or costlier DataForSEO jobs than intended.

Why it was flagged

Several commands document a raw-parameter escape hatch and bulk inputs. This is disclosed and purpose-aligned, but it can bypass the safer curated flags if used carelessly.

Skill content

--raw-params           TEXT  Raw JSON payload (bypasses all other flags)

Recommendation

Ask the agent to use normal scoped flags first, set explicit limits, and run with --dry-run before large keyword, backlink, or site-audit jobs.