Back to skill

Security audit

On Page Seo Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a mostly transparent SEO-audit skill with some broader audit checklist items, but no hidden execution, data theft, or destructive behavior.

Install this if you want SEO audit guidance for pages or batches of URLs. Treat E-E-A-T, accessibility, and technical-performance findings as preliminary signals and use dedicated specialist skills for those decisions; only allow memory saves or connected SEO/Search Console data when you intend to share that context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The template materially exceeds the skill's declared scope by directing analysis of content quality, E-E-A-T signals, and technical on-page factors. This creates instruction drift: downstream agents may perform unsupported evaluations, produce misleading audit results, or make decisions based on areas the manifest explicitly says should be handled by other skills.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation explicitly instructs the agent to run CORE-EEAT and technical checks even though the skill metadata says those areas are out of scope. Such contradictions are dangerous because agent systems often follow detailed in-file instructions over higher-level descriptions, causing misrouting, policy bypass, and unreliable outputs that may overlap with other specialized skills.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
This playbook expands the skill from the manifest’s stated single-page use case into bulk, site-wide auditing. That scope drift is dangerous because an orchestrator or downstream agent may invoke this skill for tasks it was not declared or reviewed to perform, leading to unreliable delegation, policy bypass around intended routing, and potentially excessive data collection or processing across many URLs.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The playbook introduces CORE-EEAT and publish-readiness style evaluation even though the skill metadata explicitly says those concerns belong to a different skill. This is dangerous because it can cause cross-skill scope contamination, inconsistent policy enforcement, and incorrect recommendations in areas requiring separate review criteria, making routing and trust assumptions about this skill invalid.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The rubric materially exceeds the declared scope of the skill by scoring content quality/E-E-A-T and page-level technical SEO, which can cause the agent to perform out-of-scope evaluations and return recommendations that belong to other specialized skills. This creates instruction/behavior drift and can mislead downstream users or orchestration logic that selected this skill specifically to avoid content-quality or technical-audit judgments.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The accessibility overlay introduces a separate high-priority audit domain not described in the skill manifest, increasing the chance that the skill surfaces legal/compliance findings outside its intended purpose. Because these issues are marked HIGH priority, they can dominate outputs and distort remediation priorities for a user who requested only on-page SEO analysis.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.