dataforseo-cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward DataForSEO keyword-research CLI guide, with normal but important credential, cost, and local-cache considerations.

Before installing, verify the npm package and GitHub repository, use dedicated DataForSEO credentials if possible, avoid entering real secrets directly in commands that may be saved to shell history or logs, monitor API usage costs, and clear the local cache when keyword research is sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs users to pass API login/password or a base64 credential token directly as command-line arguments. Secrets provided this way can be exposed via shell history, terminal logging, process listings, CI logs, or agent traces, which can leak reusable DataForSEO credentials to other local users or downstream systems.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal