Back to skill

Security audit

Offsite Signal Analyzer

Security checks across malware telemetry and agentic risk

Overview

This appears to be an SEO analysis skill with some adjacent outreach and link-quality guidance risks, but no evidence of hidden execution, credential use, persistence, exfiltration, or destructive behavior.

Install only if you want SEO/backlink analysis guidance. Review any outreach drafts for consent, anti-spam compliance, and brand policy before use, and do not disavow foreign-language links based on language mismatch alone; require multiple quality signals and manual review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This file adds operational link-building outreach guidance, including cold-email templates and follow-up sequences, which exceeds the stated scope of a skill meant to analyze backlinks, off-site signals, and AI referrals. Scope expansion is dangerous because it can cause the agent to move from passive analysis into proactive external engagement, enabling unsolicited outreach or manipulative SEO actions that the user did not explicitly request and that may violate platform, legal, or organizational policies.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
This guidance can cause users to treat foreign-language backlinks as inherently suspicious without requiring evidence of manipulation beyond language mismatch. In an offsite-signal-analysis skill, that can drive improper disavow decisions against legitimate international, multilingual, diaspora, press, reseller, or organic referral links, harming SEO and introducing biased decision-making.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.