ClawAudit verdict
seo-optimizer-pro
This skill seems to be a genuine SEO optimization tool, with no obvious malicious intent.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
Possible hardcoded credential
manifest.yaml ยท prose ยท downgraded ยท credential: "At least ONE provider API key is required (see required_env_vars)
Python os.getenv โ reads environment variable
seo_optimizer.py ยท prose ยท downgraded ยท os.getenv(
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.