B2B官网SEO全维度审计

Security checks across malware telemetry and agentic risk

Overview

This skill performs a disclosed B2B SEO audit workflow and generates local reports, with no evidence of credential access, destructive behavior, persistence, or exfiltration.

Install is reasonable if you want an SEO audit assistant. Before running it, provide only public website URLs, expect it to perform public web lookups and create report files in your workspace, and review generated HTML before sharing because it may include the audited domain and loads a chart library from a CDN.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrases are very broad and match many ordinary SEO-related requests, which can cause the skill to activate when the user did not explicitly ask for this workflow. Unintended activation matters here because the skill can initiate web lookups, competitor discovery, and multi-step report generation, expanding scope and potentially surprising the user.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill directs the agent to write Markdown and HTML reports into the workspace without an explicit user-facing notice or consent step. This is risky because file creation is a side effect that may surprise users, leak analyzed domains into local artifacts, or overwrite existing files if naming collisions occur.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal