Local Falcon
ReviewAudited by ClawScan on May 1, 2026.
Overview
No malicious behavior is evident; this is a coherent instruction-only SEO skill, but its optional Local Falcon MCP connection can use an API key, access account data, spend scan credits, and create recurring tracking.
This skill is safe to treat as instruction-only SEO guidance unless you choose to connect the Local Falcon MCP. Before doing that, review the @local-falcon/mcp package, protect the API key, and explicitly approve any scan, campaign, or monitoring action that could use credits or change account settings.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the MCP is connected, an agent could run scans that use credits or change tracking/campaign settings.
The optional MCP tools can perform credit-consuming scans and create or modify Local Falcon account workflows. This is aligned with the SEO analysis purpose, but it is account-affecting behavior.
`runLocalFalconScan` | Execute new scan (uses credits) ... `createLocalFalconCampaign` | Create new scheduled campaign
Require explicit user confirmation before running scans, saving locations, creating campaigns, or changing Falcon Guard settings.
The configured MCP server can act with the permissions of the Local Falcon API key.
The MCP setup requires placing a Local Falcon API key into the agent's MCP configuration. This credential use is expected for live Local Falcon data access.
"env": { "LOCAL_FALCON_API_KEY": "your-api-key-here" }Use a dedicated API key if available, store it securely, rotate it if exposed, and avoid connecting accounts the agent should not access.
Connecting MCP may run code obtained from npm, and future package changes could affect behavior.
The skill recommends installing and invoking a separate npm MCP package without a pinned version. This is purpose-aligned, but the external package is outside the instruction-only skill itself.
npm install @local-falcon/mcp ... "command": "npx", "args": ["@local-falcon/mcp"]
Install only from the expected Local Falcon package, consider pinning a reviewed version, and review the MCP package before providing an API key.
Business performance, location, review, and account data may appear in the agent conversation or related logs.
When MCP is connected, Local Falcon account, location, scan, and report data can be brought into the agent context for analysis.
ORCHESTRATION MODE - You can pull real data and provide specific, data-driven analysis
Connect only data you are comfortable processing in the agent environment, and avoid requesting analysis of sensitive accounts in shared chats.
Recurring scans or monitoring may continue to run and consume credits until paused or removed.
The MCP workflow can create scheduled campaigns that continue running after setup. This is disclosed and relevant to rank tracking, but it is persistent behavior.
"would you like to set this up as a Campaign? That way it runs automatically on a schedule"
Set recurring campaigns only intentionally, review their schedule and credit use, and know how to pause or remove them.