← Back to Skills Marketplace
Seo Prospector
by
MrMooseyMan
· GitHub ↗
· v1.0.0
558
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install seo-prospector
Description
Automated SEO prospect research and outreach for web designers, agencies, and freelancers. Use when researching local business prospects, running scheduled p...
Usage Guidance
What to check before installing or running:
- Read the Python scripts (especially seo_quick_audit.py, perplexity_search.py, create_outreach.py, daily_summary.py, prospect_tracker.py, verify_prospect.py) for any network calls and where they send data. Grep for strings like requests.post, requests.get, smtplib, smtp, discord, webhook, twilio, linkedin, perplexity, api_key, TOKEN, PASSWORD, os.environ, subprocess, socket, or hardcoded URLs/IPs.
- Identify required credentials: the code likely needs API keys/webhooks (Perplexity, Discord), SMTP credentials or an outbound mail service, and any SMS/LinkedIn automation tokens. The skill does not declare these — confirm how credentials are provided and where they are stored (avoid plaintext in repo). If credentials are required, prefer storing them in well-scoped environment variables or a secrets manager rather than plaintext config files.
- Confirm whether the scripts actually send messages or only generate drafts: inspect create_outreach.py and generate_outreach_batch.py to see if they attempt to deliver emails/DMs or only write files for manual review. If they send messages, verify rate limits, sending channels, and opt-in/opt-out handling to reduce legal/spam risk.
- Run the code in an isolated environment (container or VM) first. Perform static checks (python -m py_compile, linting) and run with network access blocked to see what files are written locally. Then selectively enable network to test individual integrations.
- Check for hardcoded personal info or third-party endpoints (clawhub.json references a louisvillewebguy homepage/support). If you plan to publish or use the skill commercially, replace sample agency PII in examples and config-template.json.
- Consider privacy and legal concerns: automated cold outreach can violate platform terms (LinkedIn, Instagram, Twilio) and anti-spam laws (CAN-SPAM, TCPA). Ensure you have lawful basis and consent for messaging targets.
If you want, paste the contents of the key Python scripts here (or allow me to scan them) and I can point to exact lines that require credentials or communicate externally — that would raise confidence and allow a more specific recommendation.
Capability Analysis
Type: OpenClaw Skill
Name: seo-prospector
Version: 1.0.0
The skill is classified as suspicious due to multiple shell injection vulnerabilities and a significant prompt injection vulnerability. Specifically, `scripts/seo_quick_audit.py` and `scripts/verify_prospect.py` pass user-controlled URLs and domains directly to `curl` and `whois` commands via `subprocess.run` without explicit sanitization, creating potential shell injection risks. Furthermore, `scripts/research_prospect.py` constructs an LLM prompt for `openrouter.ai` that incorporates content derived from user input (via `perplexity_search.py`), making it vulnerable to prompt injection if a malicious query is crafted. While the skill's stated purpose is benign, these vulnerabilities could be exploited by a compromised agent or malicious user to execute arbitrary commands or manipulate LLM behavior.
Capability Assessment
Purpose & Capability
The name/description claim automated prospect research and outreach; the repository contains matching Python scripts, templates, and tracking logic — so purpose and capabilities line up. However, the skill claims integrations (Perplexity web research, Discord summaries, outreach over email/DM/LinkedIn/SMS) but declares no required environment variables, API keys, or service credentials in the registry metadata or SKILL.md. That mismatch (no declared credentials while code likely calls external services) is an incoherence worth flagging.
Instruction Scope
SKILL.md is fairly scoped to prospect discovery → research → audit → outreach → tracking. It instructs writing config and outputs into ~/.openclaw/workspace/leads/... which is appropriate for a lead pipeline. It also includes ready-to-send outreach templates (email/DM/LinkedIn/SMS) and scheduling guidance; that is expected but raises operational/ethical considerations (automated cold outreach/spam). The instructions do not explicitly tell the agent to read unrelated system files or harvest unrelated secrets.
Install Mechanism
This is an instruction-plus-code skill with no install spec. That lowers automatic install risk, but is a usability/consistency gap: Python scripts exist but SKILL.md and clawhub.json do not list required Python packages, virtualenv instructions, or dependency pins. The PUBLISH-INSTRUCTIONS mention using clawhub CLI but not runtime Python deps. Lack of declared install steps is a maintenance/security concern (unknown runtime environment).
Credentials
The skill requests no environment variables or primary credential, but its functionality (Perplexity search, Discord-formatted daily summaries, generating outreach and potentially sending messages) typically requires API keys/webhooks/SMTP or third-party credentials. The absence of declared credentials is disproportionate and leaves unclear whether scripts will prompt for, hardcode, or exfiltrate secrets at runtime.
Persistence & Privilege
always:false and default autonomous invocation are appropriate. The skill writes config and prospect reports under ~/.openclaw/workspace/leads/, which is consistent with its function and not an unusual privilege request. Nothing in the manifest asks to modify other skills or system-wide configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install seo-prospector - After installation, invoke the skill by name or use
/seo-prospector - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of seo-prospector: Automated SEO prospect research and outreach for agencies and freelancers.
- Automates prospect discovery, research, auditing, reporting, outreach generation, and pipeline tracking
- Includes strict deduplication, daily cluster rotation, and priority scoring
- Provides customizable email, LinkedIn, and DM outreach templates
- Features daily pipeline summaries, integrated verification, and error handling
- Designed for both manual triggers and scheduled automation (cron support)
- Extensive documentation and ready-to-use templates included
Metadata
Frequently Asked Questions
What is Seo Prospector?
Automated SEO prospect research and outreach for web designers, agencies, and freelancers. Use when researching local business prospects, running scheduled p... It is an AI Agent Skill for Claude Code / OpenClaw, with 558 downloads so far.
How do I install Seo Prospector?
Run "/install seo-prospector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Seo Prospector free?
Yes, Seo Prospector is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Seo Prospector support?
Seo Prospector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Seo Prospector?
It is built and maintained by MrMooseyMan (@mrmooseyman); the current version is v1.0.0.
More Skills