Security audit

Brand Butler: Local Authority Engine

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only local SEO skill, but it contains unsafe credential-handling instructions that users should review before installing.

Use only as a supervised SEO checklist. Do not paste passwords, mailbox credentials, one-time codes, reset links, API keys, or recovery details into chat, and do not store passwords in spreadsheets or markdown trackers. Use a password manager, complete logins and verifications yourself, and require explicit approval before changing business listings, paid placements, Search Console settings, or public profiles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The skill repeatedly states that it never requests or handles credentials, but the blocker table says to 'provide login credentials' for email verification. That contradiction creates a clear path for an agent to solicit, relay, or expose account credentials in chat, which is dangerous because conversational logs are not an appropriate secret-handling channel and users may trust the skill's earlier assurances.

Natural-Language Policy Violations

Severity: High
Confidence: 99%
Finding
Telling the agent to provide login credentials directly conflicts with the stated credential-handling policy and can normalize insecure secret sharing. In the context of directory/email verification workflows, this increases the likelihood that users disclose mailbox credentials or that the agent retransmits them, leading to account compromise and exposure of sensitive business communications.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The submission tracking template explicitly tells operators to record account passwords alongside directory names and login emails, which encourages insecure credential storage in a general-purpose tracker. If that document is shared, synced, or compromised, attackers could take over business listings, pivot into reused accounts, or alter public business information at scale.

Ssd 3

Severity: High
Confidence: 99%
Finding
This line creates a plain-language secret exposure path by instructing the agent to provide login credentials during email verification. Because the skill otherwise presents itself as safe and credential-free, the contradiction is especially dangerous: users may lower their guard and share sensitive mailbox access needed for directory verification, enabling account takeover or downstream compromise.

VirusTotal

60/60 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.