Is seo-optimizer safe?

https://clawhub.ai/Veeramanikandanr48/seo-optimizer

82
SAFE

This SEO optimizer skill is a legitimate, well-structured tool for HTML/CSS SEO analysis. It bundles two Python scripts that use only stdlib modules, make no network requests, and contain no obfuscated or malicious code. The primary security consideration is that the skill grants implicit code execution capability through its Python scripts, and the sitemap generator has file-write capability. No prompt injection, data exfiltration, or malicious clone behavior was detected.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 65/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (6)

MEDIUM Skill includes executable Python scripts -25

The skill bundles two Python scripts (seo_analyzer.py, generate_sitemap.py) that are designed to be executed by the agent. While both scripts use only Python stdlib and contain no malicious code, their presence means the skill grants implicit code execution capability. The scripts read files from user-specified directories and one (generate_sitemap.py) writes output files.

LOW Broad activation trigger in skill description -5

The skill's description uses broad activation language ('Any task related to search engine optimization') which could cause the agent to invoke this skill's workflow (including Python script execution) for loosely related queries. This is an over-eager activation concern, not a prompt injection per se.

LOW External URL references for testing -10

The skill references several external Google URLs as testing endpoints. While these are informational suggestions for the user (not agent fetch directives), an overly compliant agent might attempt to fetch or interact with these URLs.

LOW File write capability via sitemap generator -10

generate_sitemap.py writes an XML sitemap file to a user-specified path. While this is expected functionality, it provides file-write capability that could be abused if the output path were manipulated.

INFO Host runtime reads sensitive config files during install -5

The filesystem monitoring shows reads of .env, .aws/credentials, and .openclaw config files during installation. These reads originate from the openclaw runtime bootstrap process, not from the skill itself. No skill-initiated sensitive file access was detected.

INFO Skill is a legitimate SEO toolchain with no malicious indicators -30

The skill provides genuine SEO analysis functionality. All code is readable, uses only Python stdlib, makes no network requests, and contains no obfuscation. The primary risk is that it includes executable scripts, which is inherent to its functionality but requires trust in the skill author for future updates.