Google Generative Engine Optimisation (GEO / SEO)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SEO workflow skill that uses Apify and optional exports for website audits, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable giving the agent access to an Apify token and SEO/business exports. Use environment variables or a secret manager, prefer scoped/read-only credentials and sanitized exports, avoid private or login-only scraping unless you have authorization, and review any scheduled Apify monitoring before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The document instructs users to expose API tokens and analytics/export paths to the agent environment without any accompanying least-privilege, scoping, storage, or data-handling guidance. In an agent skill context, this increases the chance that sensitive credentials or proprietary marketing/analytics data are accessible to prompts, logs, generated reports, or downstream tools, causing credential leakage or unintended data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The README explicitly encourages users to provide sensitive analytics, search console, business profile, and third-party SEO exports or access, but it does not pair those requests with clear guidance on data minimization, redaction, least-privilege access, or handling of personal/business-sensitive information. In an agent setting, this increases the chance that users will overshare credentials, customer data, or proprietary business intelligence to a workflow that may route data through external tools or logs.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README asks for an APIFY_API_TOKEN as the primary environment variable but does not warn that API tokens are sensitive secrets that must not be pasted into prompts, shared in reports, or granted broader scope than needed. In agent ecosystems, unclear credential-handling guidance can lead to token leakage through chat history, files, logs, or downstream integrations.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
The description and top-level usage text are broad enough that many ordinary SEO-related prompts could trigger the skill automatically, even when the user did not intend to authorize crawling, scraping, competitor analysis, or use of external services. Over-broad activation increases the chance of unnecessary data access, unintended network use, and surprising behavior in agent runtimes that auto-select skills from descriptions.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The example prompts are generic, common-language requests that overlap heavily with everyday user queries, making accidental or over-eager invocation likely in skill-routing systems. In this skill's context, unintended activation is more dangerous because the skill also directs the agent toward environment-variable checks, scraping, external APIs, and competitor/backlink investigation.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The guidance instructs users to collect brand mentions, review pages, Google Maps/GBP data, media mentions, and third-party profiles via Apify, but it provides no guardrails about consent, platform terms, rate limits, personal data handling, or lawful basis for collection and reuse. In an SEO workflow, this can lead users to scrape and process personal or profile-related data in ways that violate privacy expectations, website terms, or data protection requirements.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The activation text says to use this workflow whenever a user asks for several broad SEO-related topics, which can cause the skill to trigger for generic requests without clear user consent or scope boundaries. In an agentic system, overly broad routing can lead to unnecessary scraping, external tool use, or collection of third-party data beyond what the user intended, increasing operational and privacy risk.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill provides extensive guidance for scraping websites, SERPs, Maps, reviews, competitor data, and AI-search results, but it does not include clear safeguards about privacy, platform terms-of-service, consent, rate limiting, or lawful data handling. In a production agent context, this omission can normalize potentially non-compliant collection of third-party data and increase the risk of misuse, account bans, or collection of personal/business data without appropriate review.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill explicitly directs users to collect and use first-party sources such as Google Search Console, Google Analytics, CRM leads, sales/support questions, internal site search, customer reviews, and client PDFs/reports without any guardrails on consent, minimization, access control, or handling of personal/sensitive data. In an SEO workflow, these sources can contain PII, confidential business information, and regulated data, so omission of privacy and disclosure requirements creates a real risk of unauthorized use or overcollection.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The activation instruction is broad enough that an agent may invoke this skill on generic user requests related to website growth, competitors, backlinks, or SEO without an explicit opt-in. In multi-skill environments, this can cause unintended tool use, scraping, or prioritization of this skill over more appropriate skills, increasing the risk of scope creep and unauthorized data access.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding:
The script performs a network request directly to a user-supplied URL with no validation, allowlisting, or disclosure, which creates an SSRF-style primitive if this tool is run in a trusted environment. An attacker could supply internal or cloud-metadata endpoints instead of a public sitemap URL, causing the host running the skill to fetch unintended resources.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
requests>=2.31.0
apify-client>=1.7.0
Confidence: 95%
Finding:
requests>=2.31.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
requests>=2.31.0
apify-client>=1.7.0
Confidence: 94%
Finding:
apify-client>=1.7.0

VirusTotal

63/63 vendors flagged this skill as clean.
