Keyword Research

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only SEO keyword research skill with disclosed optional data use and memory saving, and no evidence of hidden execution or exfiltration.

Safe to install for normal SEO keyword research. Before using connected SEO or Search Console tools, verify account and site scopes; before saving results to memory, consider whether keyword priorities, competitor facts, or content plans are confidential.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger list includes broad, generic phrases such as 'what should I write about' and 'give me keyword ideas' that can match ordinary ideation requests and cause unintended invocation of this skill. In this context the consequence is mainly misrouting user intent and potentially causing unnecessary access to connected SEO data or memory-writing behavior, rather than direct code execution or privilege escalation.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly states it writes research outputs and promotes conclusions into persistent memory files, but it does not present a clear upfront notice or consent boundary before storing potentially sensitive business context, competitor information, or user-provided data. In a skill ecosystem with shared memory, this can lead to unanticipated retention and later reuse of data across sessions or tasks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal