Serpzilla SEO Guest Posting Skill for OpenClaw
Advisory
Audited by static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Informational observations
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so the observations below are derived from the supplied artifacts only and are not counted as scored findings.
1. Paid purchases and placement changes without guardrails

Impact: An agent using this skill could spend Serpzilla balance or alter SEO placements if given broad or ambiguous instructions.
Evidence: The skill can perform paid purchases and mutate existing placements. The supplied artifacts show no explicit budget caps, approval checkpoints, or domain/placement scope limits in front of those high-impact actions.
From SKILL.md: "automate the purchase of guest posts and link insertions ... Buy four types of placements ... Manage purchased placements (approve, cancel, request teardown, etc.)"
Recommendation: Require explicit user confirmation for each purchase or bulk action, define a maximum spend and an allow-list of domains, and run dry-run or search-only steps before buying or changing placements.
2. Unpinned external Docker image run with sudo and inline credentials

Impact: If the external image changes or is compromised, it could misuse the Serpzilla API token or perform unintended account actions with the user's credentials.
Evidence: The setup runs an external Docker image under the mutable ':latest' tag, via sudo, and passes the user's Serpzilla credentials into it as literal values on the command line. The runnable MCP server code is outside the supplied artifact set, so it could not be reviewed.
Install command from SKILL.md:

    npx mcporter config add serpzilla --stdio "sudo docker run -i --rm --env SERPZILLA_LOGIN=XXX --env SERPZILLA_API_TOKEN=YYY stanislavusbest/serpzilla-mcp-stdio-server:latest"

Recommendation: Pin the Docker image by digest or to an audited version (a digest pin freezes the image contents but does not vouch for them, so the source still needs review), avoid sudo where possible (for example with rootless Docker; note that membership in the docker group is itself root-equivalent), review the MCP server source, and use a revocable least-privilege Serpzilla token.
3. Account credential required but not declared in metadata

Impact: Anyone or anything with access to that token may be able to act on the user's Serpzilla account, including paid placement operations, depending on the token's permissions.
Evidence: The skill requires Serpzilla account credentials (a login and an API token). This is expected for the integration, but the registry metadata declares no required environment variables or primary credential, so users and tooling cannot see the requirement before installation.
From SKILL.md: "request the user to provide values for the environment variables SERPZILLA_LOGIN ... and SERPZILLA_API_TOKEN"
Recommendation: Use a dedicated token, rotate it if exposed, avoid pasting it into chat or agent transcripts (where it persists in history), and declare the credential requirement clearly in the skill metadata.
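As an added example (not part of the ClawScan report or of the Serpzilla skill), the following shell script applies the recommendations from the Docker observation and the credential observation above to the quoted install command: it flags sudo, the unpinned ':latest' tag and inline credential values, then rewrites the command without sudo, with the credentials passed through from the caller's environment instead of as literals, and with the image pinned to a digest. The function names and the all-zero placeholder digest are this example's own assumptions; the real digest must be read from the pulled image.

```shell
#!/bin/sh
# Added example, not from the ClawScan report or the Serpzilla skill.
# Audits the MCP stdio launch command quoted in the skill for the weaknesses
# the review describes (sudo, mutable ':latest' tag, inline credentials) and
# emits a hardened equivalent. Function names and the placeholder digest are
# this example's own.

# The launch command exactly as quoted in the skill's install instructions.
ORIGINAL_CMD='sudo docker run -i --rm --env SERPZILLA_LOGIN=XXX --env SERPZILLA_API_TOKEN=YYY stanislavusbest/serpzilla-mcp-stdio-server:latest'

# Placeholder digest (64 hex zeros) standing in for the real one; obtain the
# real value with resolve_digest below after pulling the image.
PLACEHOLDER_DIGEST='sha256:0000000000000000000000000000000000000000000000000000000000000000'

# audit_cmd CMD: print one WARN line per weakness; exit status 1 if any found.
audit_cmd() {
  rc=0
  case " $1 " in
    *' sudo '*) echo "WARN: docker is invoked via sudo (runs as root on the host)"; rc=1 ;;
  esac
  case "$1" in
    *@sha256:*) ;;
    *) echo "WARN: image is not pinned by digest"; rc=1 ;;
  esac
  case "$1" in
    *:latest*) echo "WARN: image uses the mutable ':latest' tag"; rc=1 ;;
  esac
  # --env NAME=VALUE puts the secret into shell history, the mcporter config
  # file and the process list visible to every user on the host.
  if printf '%s\n' "$1" | grep -Eq -e '--env +[A-Za-z_][A-Za-z0-9_]*=[^ ]+'; then
    echo "WARN: credential value passed inline on the command line"; rc=1
  fi
  return $rc
}

# harden_cmd CMD DIGEST: drop sudo, pass credentials through from the caller's
# environment (docker's '--env NAME' form reads NAME from the environment
# instead of taking a literal), and pin the image to DIGEST.
harden_cmd() {
  printf '%s\n' "$1" | sed -E \
    -e 's/^sudo +//' \
    -e 's/--env +([A-Za-z_][A-Za-z0-9_]*)=[^ ]+/--env \1/g' \
    -e "s/:latest( |\$)/@$2\\1/"
}

# resolve_digest IMAGE: repo digest of an image already pulled locally
# (needs a working docker daemon; not used by the offline checks above).
resolve_digest() {
  docker image inspect --format '{{index .RepoDigests 0}}' "$1" | sed 's/.*@//'
}

if audit_cmd "$ORIGINAL_CMD"; then
  echo "no issues found"
else
  echo "hardened: $(harden_cmd "$ORIGINAL_CMD" "$PLACEHOLDER_DIGEST")"
fi
```

The `--env NAME` form only carries a value if the process that spawns the command has NAME set, so SERPZILLA_LOGIN and SERPZILLA_API_TOKEN must be exported in the environment the MCP client inherits (or supplied with `--env-file` pointing at a mode-600 file). The digest pin makes the image immutable from the client's side but says nothing about its contents; the source review the observation asks for is still required.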
