Technical SEO Mastery

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only SEO audit playbook whose web checks fit its purpose, but users should control any access to private logs or SEO accounts.

Before installing or using it, decide whether the target site is public or sensitive. For routine public-site audits, the risk is low. For private staging sites, server logs, Search Console exports, analytics data, or site-fix access, use limited-scope accounts, redact secrets, review proposed changes, and prefer staging or read-only access first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill repeatedly instructs the agent to fetch live URLs, inspect headers, parse robots.txt and sitemaps, and analyze logs/Search Console data, but it does not require user confirmation or warn that these actions may send target domains and operational data to external tools and services. In a security-sensitive environment, that can expose private infrastructure details, unpublished URLs, crawl patterns, redirects, and other sensitive metadata to third-party providers without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal