Back to skill

Security audit

SEO Audit Pro

Security checks across malware telemetry and agentic risk

Overview

This is a simple SEO-audit skill that fetches web pages for analysis, with no hidden install hooks or persistence found.

Install this if you want an agent to perform SEO audits on public pages. Before use, confirm which URL and keyword should be audited, and avoid supplying private or authenticated pages unless you are comfortable with the agent fetching that page and related competitor pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes broad natural-language phrases like "check SEO" and "SEO issues," which can match ordinary conversation and cause the skill to activate when the user did not clearly request this specific workflow. Unintended activation is risky here because the skill's process includes fetching external URLs and competitor pages, which could trigger unnecessary network access, unexpected data processing, or actions beyond user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill says it will load the target URL and compare against top-ranking competitor pages, but it does not warn the user that it will perform external fetches beyond the provided page. This reduces informed consent and can lead to unexpected network requests, access to third-party content, and possible disclosure of the user's research interests or internal targets if a private URL is supplied.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.