seo-dataforseo

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is well-structured and performs its stated purpose using legitimate third-party services without any detected malicious patterns or security vulnerabilities.
  • [CREDENTIALS_UNSAFE]: The skill correctly implements credential management by instructing the user to store API login details in a .env file, adhering to security best practices to avoid hardcoded secrets.
  • [EXTERNAL_DOWNLOADS]: Dependencies listed in requirements.txt (dataforseo-client and python-dotenv) are standard, well-known libraries from public registries.
  • [DATA_EXFILTRATION]: Network activity is restricted to the intended DataForSEO API endpoints. No logic exists to access sensitive local files or transmit user data to unauthorized external servers.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted data from search engine results (via the DataForSEO API), the potential risk is mitigated by the lack of dangerous capabilities like dynamic code execution or shell command execution on the retrieved data.
      • Ingestion points: Data enters the system via API calls in scripts/api/serp.py and scripts/api/labs.py.
      • Boundary markers: None explicitly defined in the scripts.
      • Capability inventory: No usage of eval(), exec(), or subprocess calls on external data was found.
      • Sanitization: API responses are saved directly to JSON without transformation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 02:43 AM