Security audit

Cashclaw Seo Auditor

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent SEO auditing workflow that fetches requested websites and creates local report deliverables, with no artifact-backed evidence of malicious behavior.

Before installing, confirm you are comfortable with an unpinned npm dependency and with the skill creating audit reports and raw audit JSON in the mission deliverables directory. Use it only on sites you are authorized to audit, and review generated files before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 76% confidence
Finding: The skill directs the agent to create files, package outputs, and optionally convert reports to PDF, but it does not warn users that local filesystem changes will occur. In most environments this is low risk and expected for a reporting workflow, but in shared or sensitive workspaces it can lead to unanticipated file creation, data retention, or accidental overwrites if paths and naming are not tightly controlled.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal