Ai Search Rank Tracker

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a normal AI visibility tracker, but it uses local setup commands and third-party AI provider keys that users should handle carefully.

Before installing, check the bootstrap script/package files, use separate API keys with spending limits, keep `.env` private, and avoid putting confidential business data into prompt sets sent to external AI providers.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the bootstrap can modify the local project environment or install dependencies.

Why it was flagged

The skill asks the user to run a local shell script. This is disclosed and purpose-aligned for setup, but users should recognize that it executes local code.

Skill content

Use the one-click bootstrap:

```bash
bash scripts/install.sh
```

Recommendation

Review the install script and package files before running the bootstrap, and run it from a trusted checkout.

What this means

Provider API keys may incur charges or expose access to AI accounts if mishandled.

Why it was flagged

The skill expects provider API credentials. That is normal for querying AI engines, but the credentials can spend quota or access provider accounts.

Skill content

- Configure keys in `.env`
- OpenAI-compatible backends are supported
- Anthropic is supported
- OpenRouter / EZRouter-compatible setups can be wired through environment variables

Recommendation

Use dedicated provider keys where possible, set spending limits, keep `.env` private, and avoid committing keys to shared repositories.

What this means

Brand names, aliases, prompt sets, and possibly competitive strategy terms may be sent to external AI providers.

Why it was flagged

The core workflow sends brand and prompt data to external AI engines or compatible provider backends. This is expected for the stated purpose, but users should treat it as a third-party data flow.

Skill content

Track whether ChatGPT, Claude, Gemini, and Perplexity recommend a startup or brand across a prompt set.

Recommendation

Do not include confidential strategy, unreleased product details, or sensitive customer data in prompt sets unless the chosen provider’s privacy terms are acceptable.