seo-forge

The script functions as a straightforward DataForSEO integration wrapper with a clear fallback path when credentials are absent. It performs expected data collection (SERP, PAA, volume, related keywords) and supports JSON output for automation. Security concerns are limited to credential handling in the execution context (process listings and logs) and potential JSON payload integrity issues if the keyword contains special characters. Overall, the approach is reasonable for its purpose but would benefit from input sanitization, explicit error handling, and safer credential handling.

SUSPICIOUS. The core SEO-writing purpose matches most capabilities, and the named external APIs are official and proportionate. However, the skill executes unseen scripts, processes untrusted web content while writing files, and extends trust to an unreviewed companion skill, so the overall risk is medium rather than benign.