SEO Optimizer Pro
Security checks across malware telemetry and agentic risk
Overview
This skill appears purpose-aligned for SEO analysis, but it uses your AI-provider API keys and sends submitted content to third-party model providers, which users should review for privacy and cost.
Before installing, choose one provider, install only that provider’s SDK, use a limited API key if available, and avoid sending confidential content unless you accept that provider’s privacy and retention terms.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Drafts, webpages, or marketing material you submit may be processed and retained according to the selected AI provider’s policies.
The skill’s core function sends user-provided content to external model providers; this is disclosed and purpose-aligned, but it creates a third-party data boundary users should understand.
Your content IS sent to third-party AI providers. Each provider has different data retention policies
Do not submit confidential content unless the chosen provider’s privacy and retention terms are acceptable.
Running analyses may use your provider account and incur API charges.
The skill uses delegated provider credentials and can consume paid API quota; this is expected for the stated AI-provider integration but should be noticed before use.
You provide your own API key for your chosen AI provider ... You are billed directly by that provider for API usage
Use a scoped or budget-limited API key where possible, monitor usage, and remove keys when no longer needed.
Installing dependencies may pull newer SDK versions than the author tested.
The skill relies on third-party SDKs with lower-bound version constraints rather than a lockfile; this is normal for provider integrations but affects dependency reproducibility.
anthropic>=0.40.0 openai>=1.60.0 google-generativeai>=0.8.0 mistralai>=1.3.0
Install only the SDK for the provider you plan to use and consider pinning exact versions in your own environment.
If you choose an omitted provider such as DeepSeek, xAI, MiniMax, or Qwen, you may not get a clear in-artifact link to that provider’s privacy terms.
The manifest advertises additional providers, but the privacy warning’s provider list omits some of them, so privacy documentation is incomplete for all supported routes.
description: "... DeepSeek, Grok, MiniMax, Qwen, Llama, Mistral ..." ... third_party_data_sharing: "... Anthropic, OpenAI, Google, OpenRouter, or Mistral"
Review the privacy policy for the exact provider selected and update documentation to list every supported provider.