Back to skill

Security audit

Performance Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SEO reporting and alert-planning skill with only minor scope and language clarity issues.

Install if you want an SEO/GEO reporting and alert configuration assistant. Before using connected analytics, Search Console, SEO, Slack, SMS, or email tools, confirm which accounts and channels are in scope, and decline memory saving unless you want the monitoring summary retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The `when_to_use` field includes broad phrases like `月报`, `周报`, and `汇报给老板`, which can appear in many general workplace requests outside the intended SEO monitoring context. Although the line also includes SEO-specific examples, these standalone phrases are not constrained with negative examples or explicit scope limits, increasing the chance of accidental activation.

Natural-Language Policy Violations

Low
Confidence
88% confidence
Finding
The skill name, summary, description, and usage guidance embed both Chinese and English phrases, but the file does not state whether output language follows user preference or provide an opt-in language choice. This can create a locale-policy issue if the skill defaults to mixed-language behavior without explicit user selection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.