Serpzilla SEO Guest Posting Skill for OpenClaw

The skill facilitates SEO automation by instructing the agent to run a third-party Docker image (stanislavusbest/serpzilla-mcp-stdio-server) with elevated privileges (sudo) and sensitive API credentials (SERPZILLA_API_TOKEN) passed as environment variables. While these actions are aligned with the stated purpose of using the Serpzilla platform via the Model Context Protocol (MCP), the reliance on an unverified external container image to handle secrets and execute system-level commands poses a significant supply chain risk. These indicators are primarily found in SKILL.md and README.md.