Content Keyword Tracker
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s stated purpose is understandable, but its privacy claims, credential declaration, and missing runnable code create review-worthy ambiguity.
Review the README carefully before installing. Only use nonsensitive keywords unless you are comfortable sending them to Tavily and any configured webhook, and do not run any missing or separately obtained `index.js` file unless you can verify its source.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user might believe keywords and reports remain fully local even though the workflow involves external services.
These privacy statements are overbroad for a skill that also says it uses the Tavily API for searches and can send reports to a webhook.
- All data processing happens locally on your machine - No external servers store your keyword data - Webhook endpoints are only used for report delivery
Treat searched keywords and generated reports as data that may be sent to Tavily and any configured webhook; avoid sensitive keywords unless you trust those services.
The skill may not work as documented, and its actual runtime behavior cannot be verified from these artifacts.
The documented entry point is not included in the provided file manifest, which contains only SKILL.md and keywords.txt.
Run with: ``` node index.js ```
Do not run or download additional code for this skill unless it comes from a trusted, reviewable source.
Installing users may not realize in advance that they need to provide a sensitive API credential.
The skill requires a provider API key for its stated function, while the registry metadata lists no required environment variables or primary credential.
- TAVILY_API_KEY: Your Tavily API key for search functionality
Use a dedicated, least-privilege Tavily key if available, keep it in environment variables, and rotate it if exposed.
Keywords, search context, and generated report content may be visible to Tavily and to the webhook service you configure.
The skill discloses external API use and optional webhook delivery, which are purpose-aligned but can transmit keywords and report contents outside the local machine.
perform searches using Tavily API, generate a comprehensive markdown report, and optionally send it to your configured webhook
Use trusted webhook endpoints only, and avoid including confidential strategy, customer, or research terms unless external sharing is acceptable.