Beta SEO Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a simple SEO helper that fetches a user-provided page and prints basic metadata, with no hidden persistence, credential use, or destructive behavior found.

Install only if you are comfortable with a skill that fetches URLs you provide. Use it for public websites you intend to analyze, and do not pass localhost, private network, cloud metadata, file, or other sensitive internal URLs.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill clearly instructs users to run a Python script against arbitrary URLs, which implies outbound network access, yet no corresponding permission is declared in the skill metadata. Undeclared network capability is dangerous because it hides the real trust boundary from users and platform policy enforcement, making SSRF-style access, unexpected external requests, or data exfiltration harder to detect and govern.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal