Security Audit

seo-optimizer-pro

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

seo-optimizer-pro received a trust score of 27/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 6 findings: 1 critical, 2 high, 2 medium, and 1 low severity. Key findings include Unsafe environment variable passthrough, Credential harvesting, Missing required field: name.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

55%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

76%

Behavioral Risk Signals

Network Access

3 findings

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings6

Severity	Finding	Layer	Location
CRITICAL	Credential harvesting Reading well-known credential environment variables Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores.	Manifest	skills/vedantsingh60/seo-optimizer-pro/seo_optimizer.py:117
HIGH	Unsafe environment variable passthrough Access to well-known credential environment variables Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough.	Manifest	skills/vedantsingh60/seo-optimizer-pro/seo_optimizer.py:117
HIGH	Misleading Data Handling Claims Regarding External LLM Transmission The `SKILL.md` documentation makes contradictory claims regarding data handling. It states "✅ Not stored or transmitted to external servers" and "✅ Zero-knowledge architecture" while simultaneously stating "✅ Claude API processes via encrypted HTTPS". The Python code (`seo_optimizer.py`) explicitly sends user-provided content to external LLM APIs (e.g., Anthropic, OpenAI, Google, etc.) for processing. This creates a misleading impression that user content remains local and private, when in fact it is transmitted to third-party LLM providers. This poses a data exfiltration risk if users provide sensitive information believing it will not leave their local environment. Clarify that user content is transmitted to third-party LLM providers for processing, and that "zero-knowledge" refers to the skill itself not storing data, but not to the LLM providers. Remove contradictory statements like "Not stored or transmitted to external servers" to accurately represent data flow.	LLM	SKILL.md:290
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/vedantsingh60/seo-optimizer-pro/SKILL.md:1
MEDIUM	User Input Directly Embedded in External LLM Prompts The `seo_optimizer.py` skill constructs prompts for external Large Language Models (LLMs) by directly embedding user-provided `content` (after text extraction) without apparent sanitization or robust input validation. An attacker could craft malicious input within the `content` argument to manipulate the behavior of the external LLM, potentially leading to unintended outputs, disclosure of internal prompt instructions, or other adversarial actions against the downstream LLM. This is a prompt injection vulnerability against the external LLM, not the host SkillShield LLM. Implement robust input sanitization and validation for user-provided `content` before embedding it into prompts for external LLMs. Consider using techniques like prompt templating with strict variable separation, input filtering, or content moderation APIs to mitigate prompt injection risks.	LLM	seo_optimizer.py:300
LOW	Unpinned Dependencies in Python Project The provided Python script `seo_optimizer.py` relies on external libraries such as `anthropic`, `nltk`, `bs4`, and `requests`. However, there is no `requirements.txt` or similar dependency management file that pins these dependencies to specific versions. This lack of version pinning introduces a supply chain risk, as future updates to these libraries could introduce breaking changes, vulnerabilities, or even malicious code without explicit review, potentially impacting the skill's stability or security. Create a `requirements.txt` file (or `pyproject.toml` with `poetry.lock`/`pipenv.lock`) that explicitly lists and pins the exact versions of all direct and transitive dependencies. Regularly review and update these pinned versions.	LLM	seo_optimizer.py:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/7a3df1b9012681a7.svg)](https://skillshield.io/report/7a3df1b9012681a7)