Fully automated SEO content freshness engine. Monitors a keyword research reports directory, automatically generates landing pages and blog posts, runs SEO a...
Security Analysis
high confidenceThe skill's requested actions (reading a report directory, generating pages, updating navigation/sitemap, committing and pushing) match its description and instructions; nothing requested or instructed appears unrelated to the stated SEO automation purpose.
The name/description (automating keyword reports → pages → push) align with the runtime instructions: discover reports, parse, generate pages, register in navigation/sitemap, run audits, and git push. The required filesystem and git access are proportionate for this purpose.
SKILL.md instructs the Agent to read project files (navigation, blog, sitemap), create steering/hook files, modify .vscode/settings.json, write new pages and update processed.json, then commit/push. These are within the skill's scope but give the Agent broad write access to the repository—review steering templates and the hook prompt before enabling automated runs.
No install step or external downloads; this is an instruction-only skill (lowest install risk).
No environment variables or credentials are declared, which is consistent with an instruction-only skill. However, the pipeline relies on existing git credentials and an auto-deploy platform (Vercel/Netlify/etc.) to be present; those implicit privileges (ability to commit/push and trigger deploys) are expected for the stated functionality but are not explicitly listed.
always is false and autonomous invocation is allowed (default). The skill creates project-local hook/steering files and a processed.json state file — normal for this automation. It does not request permanent platform-level privileges or modify other skills' configs.
Guidance
This skill will create files in your repo (.kiro hooks, steering file, processed.json), update .vscode settings, generate new pages, and run git commit/push operations — so only install it in projects where you trust automated commits. Before enabling automation: (1) review and customize the provided steering template and hook prompt; (2) test on a feature branch or fork (do not push directly to production/main); (3) consider requiring PRs or branch protections instead of direct pushes; (4) ensure your CI/deploy pipeline and git credentials are configured safely; (5) decide whether processed.json should be committed or ignored; and (6) restrict the hook's report_dir pattern to a dedicated folder to avoid accidental triggering. If any of these steps are unacceptable, do not enable automatic runs and instead run the pipeline manually.
Latest Release
v1.0.0
Initial release — fully automated SEO content freshness engine, converts keyword research reports into deployed landing pages and blog posts with zero manual work
More by @kennyzir
Published by @kennyzir on ClawHub
