Back to skill

Security audit

On Page Seo Checker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SEO audit skill with some overbroad audit templates, but I found no deception, destructive behavior, or credential-stealing behavior.

Install only if you want an SEO audit assistant that may fetch pages, inspect page structure, and optionally summarize results to memory. Keep local helpers, Firecrawl/rendered fetches, Search Console exports, and bulk sitemap audits under explicit user approval, especially for private or unpublished content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill declares only WebFetch as an allowed tool, but instructs the agent to invoke local Python scripts and rendered-DOM checks outside that declared capability boundary. This creates a tool-policy mismatch that can lead hosts or wrappers to execute undeclared local code or network-enabled helpers, undermining sandbox assumptions, review controls, and least-privilege restrictions.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The template explicitly includes 'Content Quality' and a 'CORE-EEAT Quick Scan' even though the skill metadata says it is not for E-E-A-T or publish-readiness scoring. This creates scope drift: the agent may produce unsupported or conflicting assessments outside its declared remit, increasing the chance of misleading users and unsafe automation decisions based on the wrong skill.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The 'Technical On-Page' section asks for canonical, speed, mobile, and schema checks, while the skill description says crawl/CWV/indexing should use the technical-seo-checker. This can cause the agent to overstep into adjacent technical-audit domains, yielding incomplete or incorrect diagnostics that users may mistake for authoritative technical SEO analysis.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The template directs the skill to perform content quality and E-E-A-T evaluation even though the manifest explicitly says this skill is not for E-E-A-T or publish-readiness scoring. This creates scope drift that can cause the agent to produce outputs outside its intended safety and product boundaries, leading to incorrect routing, misleading audits, and overlap with other specialized skills.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The template includes technical on-page checks such as canonical, speed, mobile, HTTPS, and schema, despite the manifest stating crawl/CWV/indexing concerns belong to a separate technical SEO skill. This can cause the agent to exceed its role, return mixed or low-confidence technical judgments, and undermine skill isolation and reliable tool selection.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The documentation says E-E-A-T scoring is out of scope, but later defines a CORE-EEAT quick scan and scales it into the final score. This internal contradiction is dangerous because agents often follow the most concrete instructions available, so the scoring section may override the intended boundary and systematically generate unauthorized or misleading assessments.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The playbook explicitly broadens the skill from single-page audits to site-wide and bulk audits, which conflicts with the manifest’s stated scope. This can cause the agent to operate outside its advertised boundaries, leading to misuse, incorrect skill routing, and lower-quality or misleading outputs for requests that should be handled by a different skill.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
Accepting sitemap URLs and GSC exports for multi-URL analysis materially expands the operational scope beyond a narrow single-page on-page audit. In practice, this can route broader data-analysis tasks to a skill not designed for them, increasing the chance of incomplete analysis, accidental overreach, or mishandling of inputs that belong to technical SEO or portfolio-level workflows.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The playbook instructs evaluators to capture a CORE-EEAT profile even though the manifest explicitly says this skill is not for E-E-A-T or publish-readiness scoring. That contradiction can cause the agent to produce out-of-scope judgments presented under the authority of the wrong skill, reducing trust and potentially leading users to make content-quality decisions based on an unsupported workflow.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The recommended fixes include author bios, credentials, original stats, citations, and related CORE-EEAT interventions, directly contradicting the manifest’s exclusion of that domain. This is dangerous because it encourages users to treat this skill as an authority on content-quality and trust signals, creating scope confusion and increasing the risk of unsupported or inconsistent recommendations across the skill ecosystem.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The rubric materially expands the skill beyond its declared scope by scoring E-E-A-T/content quality and page-level technical SEO, even though the manifest explicitly says those areas should be handled by other skills. This can cause the agent to perform unauthorized or misleading analysis, route work incorrectly, and produce recommendations outside the promised capability boundary.

Context-Inappropriate Capability

Low
Confidence
76% confidence
Finding
The file adds a WCAG accessibility overlay as a high-priority audit dimension despite the skill being described as an on-page SEO checker rather than an accessibility auditor. While not inherently malicious, this broadens the skill’s behavior and may lead to unsupported compliance-style judgments, priority inflation, or user confusion about what the skill is qualified to assess.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The rubric materially expands the skill beyond its declared scope by requiring content-quality, E-E-A-T, accessibility, and technical performance judgments. In an agent setting, this can cause the skill to produce misleading audits, over-collect evidence, or make decisions that should be delegated to other specialized skills, increasing the chance of incorrect recommendations and policy drift.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Embedding WCAG 2.2 AA compliance checks as high-priority responsibilities in an on-page SEO skill creates scope confusion and may lead the agent to present accessibility compliance conclusions without the right mandate or validation depth. That is dangerous because users may rely on incomplete accessibility assessments or because the skill may override routing to a dedicated accessibility or technical auditor.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.