Is seo-competitor-analysis safe?
https://clawhub.ai/qqyule/seo-competitor-analysis
This SEO competitor analysis skill is benign in its current form. It contains no executable code, no data exfiltration instructions, no prompt injection attempts, and no suspicious installation behavior. The primary concerns are: (1) references to non-existent files (competitor_finder.py, seo_metrics_guide.md) that could be populated with malicious content in future updates, (2) the inherent second-order prompt injection risk from ingesting arbitrary web content during competitor analysis, and (3) the broad tool access pattern (web_search + web_fetch + browser) which is appropriate for the stated purpose but provides a wide attack surface if the skill were modified.
Findings (7)
LOW (-5) Broad tool access request
The skill requests access to web_search, web_fetch, and browser tools. While consistent with SEO analysis, the browser tool provides particularly broad capability for arbitrary web navigation.
LOW (-10) Phantom script reference
SKILL.md references scripts/competitor_finder.py which does not exist in the installed skill. This is benign currently but could serve as a trojan path — a future version could ship the script and it would appear to be a documented, expected component.
LOW (-5) Missing referenced file: seo_metrics_guide.md
SKILL.md references references/seo_metrics_guide.md which does not exist in the installed skill. Only references/report_template.md is present. This is a quality issue rather than a security issue, but missing files could be populated with malicious content in future updates.
INFO (-5) Platform runtime accessed sensitive files during install
The OpenClaw platform runtime read .env and .aws/credentials during the installation process. This is platform behavior (not skill-triggered) but is noted for completeness. The skill itself does not instruct or cause this access.
LOW (-5) Implicit data flow via web tools
The skill's workflow involves fetching competitor websites and analyzing their content. While this is the expected use case, the web_fetch and browser tools inherently allow outbound data flow. An agent following these instructions could inadvertently include sensitive user data in URL parameters or request headers when fetching competitor sites.
LOW (-10) Content from fetched pages enters agent context
The skill instructs the agent to fetch and analyze competitor web pages. Content from these pages enters the agent's context window, creating a second-order prompt injection surface. A competitor's website could contain adversarial content designed to manipulate the agent.
INFO (-10) Supply chain update risk
The skill is version 1.0.0 with a simple structure. Future updates could introduce the missing scripts/competitor_finder.py or references/seo_metrics_guide.md with malicious content. The current version establishes trust that later versions could exploit.