Is seo safe?

https://clawhub.ai/ivangdavila/seo

92
SAFE

This is a benign, passive SEO reference skill containing only markdown-formatted best practices for HTML meta tags, headers, and content optimization. It contains no executable code, no agent behavioral instructions, no data exfiltration vectors, and no prompt injection patterns. The only minor concern is an unused declaration of 'curl' and 'jq' binary dependencies in metadata, which currently has no effect but warrants monitoring across version updates.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (4)

LOW Declared binary dependencies not used in skill content -10

The skill metadata declares requirements for 'curl' and 'jq' binaries, but the SKILL.md content never references or uses these tools. This mismatch is not currently exploitable but could indicate future intent to add network-capable instructions, or could be a copy-paste artifact from a template.

INFO Reference to external validation URL -5

The skill references schema.org/validator for structured data validation. This is a legitimate, well-known public resource and poses no exfiltration risk. It is mentioned as documentation guidance, not as an agent instruction to fetch.

INFO Platform runtime accessed sensitive config files during install -15

The OpenClaw installer runtime read .env, .aws/credentials, and internal .openclaw/ configuration files. This is attributable to the platform bootstrapping process, not the skill itself. The skill contains no code that could trigger these reads. However, the .aws/credentials access by the platform is worth noting for platform-level security review.

INFO No executable code present -5

The skill consists entirely of a markdown file with SEO guidelines. No scripts, hooks, or executable artifacts were found.