v2.0.0 is the largest release in Claude SEO’s history. Six build phases add a shared headless renderer, QRG-aligned content quality gates, deep Core Web Vitals analysis, four new schema generators, five new MCP extensions, and a full suite of local, international, and privacy improvements. The migration is designed to be low-friction: every v1.x command still works unchanged, and the two breaking changes are narrow security fixes with clear remediation paths.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/AgricIDaniel/claude-seo/llms.txt
Use this file to discover all available pages before exploring further.
Breaking Changes
1. backlinks_auth.py hard-fails without url_safety
In v1.x, backlinks_auth.py allowed a silent unsafe fallback when url_safety.py could not be imported. That fallback ran without any IP-range checks, meaning private-IP fetches were silently allowed.
In v2, importing backlinks_auth.validate_url raises RuntimeError at import time if scripts/url_safety.py cannot be loaded:
scripts/url_safety.py is present in your installation. Re-running install.sh resolves this. If you have custom scripts that import from backlinks_auth.py, verify they run in an environment where the full scripts/ directory is available.
2. seo-schema flags retired Schema.org types as Critical
v2 adds schema-deprecation awareness aligned with Google’s 2024–2025 retirement wave. If your site’s <script type="application/ld+json"> blocks include any of these types, the seo-schema skill will emit a Critical finding:
ClaimReviewVehicleListingEstimatedSalaryLearningVideoSpecialAnnouncementCourseInfo(carousel variant)
skills/seo-schema/references/deprecated-types-2024-2026.md for the recommended replacement per type. If you need to keep the markup for non-Google purposes (e.g., a third-party aggregator reads it), you can suppress the finding by removing that type from the deprecated list in the local seo-schema skill file and documenting the reason.
What’s New in v2
v2.0.0 shipped six build phases plus two additional phases (G: multi-platform portability, H: release signing) that are fully additive with no configuration required.Phase A — Headless Rendering Everywhere
The single largest architectural change in v2. A shared
scripts/render_page.py backed by Playwright Chromium replaces per-skill ad-hoc fetching. Every audit subagent now uses it via --render auto, which auto-detects SPA hallmarks (empty <div id="root"> shell, single bundle script, hydration markers) and switches to rendered fetching only when needed.Content extraction: trafilatura removes boilerplate and extracts the article body accurately on both static and rendered pages.Date extraction: htmldate extracts publication and modification dates for freshness signals, with multiple fallback strategies (meta tags, JSON-LD, visible date patterns, HTTP headers).Rendering flags:--render auto— default; SPA detection + conditional rendering--render always— force Playwright on every page--render never— raw HTML only, no Playwright dependency
seo-visual subagent separately and compare its Playwright snapshot against the raw-HTML subagent findings.Phase B — QRG-Aligned Content Quality Gates
Five new scripts add deep content quality analysis keyed directly to the September 2025 Quality Rater Guidelines.
A companion data file,
| Script | What it does |
|---|---|
scripts/content_quality.py | QRG-aligned filler detector, AI-pattern scorer, and information-density analyser |
scripts/content_humanize.py | 40+ deterministic AI-phrasing replacements keyed to QRG §4.6.5 and §4.6.6 |
scripts/content_verify.py | Claim extraction and citation-gap detection |
scripts/domain_history.py | WHOIS-driven expired-domain heritage check |
scripts/seo_updates.py | Primary-source Google updates changelog query tool |
data/google-updates.json, ships with 18 confirmed Google algorithm updates from 2024-03 through 2025-12 so seo_updates.py can answer “was there a Google update near my traffic drop?” without a live API call.Phase C — Technical and CWV Depth
Four new scripts extend the technical and Core Web Vitals analysis surface.
LCP subpart analysis requires CrUX API access (Tier 0 credential: free Google API key). IndexNow requires a Bing Webmaster account or the Bing Webmaster extension.
| Script | What it does |
|---|---|
scripts/lcp_subparts.py | LCP decomposition via CrUX: TTFB, load delay, load duration, render delay — localises the bottleneck to a specific subpart |
scripts/preload_check.py | Speculation Rules + bfcache + prerender + LCP preload audit |
scripts/indexnow_submit.py | Submit up to 10,000 URLs to IndexNow (Bing, Yandex, Seznam, Naver) in a single call |
scripts/unlighthouse_run.py | Multi-page Lighthouse via the MIT Unlighthouse CLI — runs site-wide rather than single-URL |
Phase D — Schema Completeness
Schema coverage expands with four new generators and an e-commerce policy validator.New JSON-LD generators (via
scripts/schema_generate.py):reservation— Reservation schema for bookings and appointmentsorder— OrderAction schema for e-commerce confirmation flowsdiscussion— DiscussionForumPosting schema for forum and Q&A contentprofile— ProfilePage schema for author and team member pages
scripts/schema_ecommerce_validate.py) checks Google Merchant Center listing requirements: hasMerchantReturnPolicy, shippingDetails, MemberProgram, EU energyEfficiencyClass, and ProductGroup variant structure.Deprecated types reference — skills/seo-schema/references/deprecated-types-2024-2026.md documents every retired rich-result type with the date Google retired it, the official retirement announcement, and the recommended replacement schema.Phase E — AI Search Reframing and 5 New MCP Extensions
Claude SEO’s GEO skill gains evidence-based primary-source reframes for three common myths, plus five new MCP extensions expand the live-data surface.Parasite-SEO scanner (
Evidence-based reframes added to
scripts/parasite_risk.py) detects site-reputation-abuse risk patterns per Google’s November 2024 policy update, including third-party content on high-authority domains that violates quality signals.Five new extensions (all in extensions/):| Extension | What it adds |
|---|---|
Ahrefs (extensions/ahrefs/) | Official @ahrefs/mcp server — backlink and organic keyword data |
SE Ranking (extensions/seranking/) | AI Share-of-Voice across ChatGPT, Gemini, Perplexity, AI Overviews, and AI Mode |
Profound (extensions/profound/) | Time-series LLM citation tracker for brand monitoring in AI answers |
Bing Webmaster (extensions/bing-webmaster/) | Bing Webmaster Tools plus IndexNow unified under a single extension |
Unlighthouse (extensions/unlighthouse/) | MIT multi-page Lighthouse runner for site-wide CWV analysis |
skills/seo-geo/references/llmstxt-evidence.md:- llms.txt is not currently a confirmed citation lever for AI Overviews
- Content chunking for AI is not required — synonym understanding is sufficient
- AI-specific keyword rewriting is unnecessary
Phase F — Local, International, and Privacy Polish
Three targeted improvements for local SEO, international SEO, and EU privacy compliance.
| Addition | What it does |
|---|---|
scripts/gbp_deprecation_lint.py | Detects retired Google Business Profile features: the GBP chat field, .business.site hosted website URLs, and Q&A references that no longer serve their original purpose |
skills/seo-google/references/dma-consent-mode-v2.md | EU click-through rate diagnostic for Consent Mode v2 + softened cookieless measurement framing aligned with current Google guidance |
skills/seo-hreflang/references/machine-translation-qa.md | Untranslated machine-translation detection per January 2025 QRG §4.6.5 — flags pages where automated translation has produced unreviewed low-quality content |
Security Hardening
v2 ships 83 new SSRF and DNS-rebinding bypass tests, closing the full obfuscated-IPv4, FQDN-trailing-dot, and redirect-rebinding bypass classes.| Vulnerability | Severity | Status |
|---|---|---|
| DNS rebinding via redirect target | HIGH | Closed |
Obfuscated IPv4 bypass in validate_url (decimal, hex, octal, leading zeros) | HIGH | Closed |
| FQDN trailing-dot bypass of metadata-endpoint blocklist | HIGH | Closed |
| IPv6 blind spot in Playwright route handler | MEDIUM | Closed |
| OAuth file-permission TOCTOU | LOW | Closed |
oauth-token.json) are now automatically chmod’d to 0o600 on every load and save. Files with legacy 0o644 permissions from pre-v2 installs are silently remediated in place — no user action required.
Test Coverage
| Suite | v1.9.9 | v2.0.0 |
|---|---|---|
| Manifest consistency | 13 | 13 |
| Lazy detection | 11 | 11 |
| Sync FLOW | 15 | 15 |
url_safety (new) | — | 83 |
render_page (new) | — | 27 |
| Content quality (new) | — | 25 |
| Technical depth (new) | — | 17 |
| Schema v2 (new) | — | 17 |
| Parasite risk + extensions (new) | — | 22 |
| GBP lint + polish (new) | — | 8 |
| Portability (new) | — | 10 |
| Total | 39 | 248 |
How to Upgrade
Re-running the installer is sufficient for most users. The installer is idempotent: it overwrites skill and agent files with the v2 versions and recreates the virtual environment if needed.~/.config/claude-seo/oauth-token.json will silently re-chmod it to 0o600. No manual permission fix is required.
Things That Did Not Break
The following were considered for breaking changes but ultimately kept backward-compatible:validate_urlboolean return contract — v2 still returnsbool. Usevalidate_url_strictfor the new strict DNS-rebinding behaviour.fetch_page()function signature — the--renderflag was added at the CLI layer only; the underlying function stays raw-mode by default.capture_screenshot()API — the pre-flight check is upgraded but the call signature and result dictionary are unchanged.- All v1.x command names —
/seo audit,/seo content,/seo schema, and every other v1 command work identically in v2.
