Back to skill

Security audit

Technical Seo Checker

Security checks across malware telemetry and agentic risk

Overview

This SEO audit skill is mostly coherent, but it should be reviewed because it asks agents to run undeclared command-line helpers and can submit URLs to indexing services using tokens.

Install only if you are comfortable with the agent fetching and analyzing your site and related public infrastructure. Require explicit approval before any live index submission, use only owned production URLs, avoid private or staging URLs unless intentional, and prefer safer token handling than passing secrets on the command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill’s stated purpose is read-oriented technical SEO auditing, but it additionally documents a write-capable action that submits URLs to external indexing endpoints. That expands the trust boundary from passive analysis into external state-changing operations, which can cause unintended disclosure of internal/staging URLs or unauthorized publication actions if an agent invokes it without explicit user confirmation and ownership validation.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
A context-inappropriate write capability is present in a skill otherwise framed as an audit/checker. In agent environments, this mismatch is risky because users or orchestrators may expect observation-only behavior, yet the documented helper can mutate external systems by notifying search engines about URLs, potentially exposing sensitive endpoints or performing actions beyond the requested audit scope.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The skill is presented as a checker/audit tool, but it documents write-side external actions that can actively submit indexing notifications to third-party services. That changes the skill from passive assessment to outbound mutation, creating risk of unauthorized actions, unintended disclosure of URLs, and policy bypass if a user or agent invokes it without strong gating.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Certificate-transparency enumeration expands the skill from checking user-supplied SEO targets into broader reconnaissance of related infrastructure, including forgotten or staging subdomains. In a security context, that can expose unintended attack surface and exceed user expectations or allowed scope, especially when the manifest frames the skill as a technical SEO checker rather than a recon tool.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The manifest declares `allowed-tools: WebFetch`, but the instructions direct the agent to run local scripts and `curl` commands. This tool-capability mismatch undermines sandbox/policy assumptions, can lead hosts or reviewers to treat the skill as read-only when it actually instructs broader execution, and increases the chance of unsafe command execution or unauthorized network access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
SKILL 2.md:104

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
SKILL.md:104