Back to skill

Security audit

Anti-SEO Researcher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed consumer-research helper that runs local Python scripts and web searches, with privacy caveats but no evidence of deception or malicious behavior.

Install only if you are comfortable with the agent running the included Python scripts, sending your purchase queries to search engines, fetching third-party pages, writing reports, and keeping a local cache under the skill's scripts directory. Avoid using it for highly sensitive private research unless you clear the cache afterward and supervise which commands are run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The --fetch-content path causes the tool to retrieve arbitrary result URLs and process full page content, expanding the capability from search to general remote content access. In an agent setting, this can expose the host to unintended outbound requests, privacy leakage, and misuse as a limited SSRF-style fetch primitive against attacker-influenced URLs returned by search engines.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that when `web_search` is unavailable, the skill will automatically perform web scraping and invoke Python via `execute_command`. That behavior creates undeclared network activity and subprocess execution from a natural-language workflow, which is risky because users may not realize the skill can run local commands and make outbound requests beyond normal tool usage. In the context of an AI skill, automatic fallback increases danger because it broadens the execution surface without an explicit consent gate or clear warning at the point of use.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the AI to infer locale, language, and currency from the user's query and use those inferred attributes to drive all downstream behavior. Inferring regional attributes without explicit user confirmation can expose sensitive profile inferences, create privacy issues, and cause the agent to tailor external searches or outputs based on assumptions the user did not consent to.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The analyzer writes model outputs keyed by URL or content hash to a local JSON cache without any consent flow, retention policy, or controls around sensitive post data. In a consumer-research skill, analyzed posts may contain personal or sensitive information, and persistent local storage increases privacy and data-handling risk if the host environment is shared or compromised.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The script accepts a user-supplied path and reads/parses it as JSON without any trust boundary warning or path restriction. In an agent setting, this can lead to unintended local file access if a user or upstream prompt causes the skill to open sensitive files from the host environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
When enabled, the tool issues follow-up requests to every result URL, transmitting the runtime's IP, headers, and access patterns to arbitrary third-party sites. In an agent environment this can leak behavioral metadata, trigger tracking, or contact attacker-controlled URLs returned by search results without the user's explicit awareness.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends user queries to external search engines and may fetch third-party pages without clearly warning about disclosure of search terms and accessed URLs. In a consumer-research skill, user queries can contain sensitive commercial preferences or personal context, so silent transmission to external services creates a real privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.