Seo Keyword Research

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SEO keyword research skill that crawls provided sites and calls AIsa/DataForSEO APIs, with only a minor concern that its trigger wording is broader than necessary.

Install this only if you are comfortable using AIsa/DataForSEO for SEO research and sending the target site, keyword inputs, competitor names, and resulting SEO data to that service. Keep AISA_API_KEY private, and invoke the skill for SEO keyword workflows rather than generic web research.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The README instructs users to invoke the skill for very broad categories such as web search, research, source discovery, and content extraction, which overlap with many generic agent tasks. This can cause the skill to be selected outside its narrowly intended SEO use case, expanding access to crawling and external API-backed research capabilities in contexts where they may be unnecessary or risky.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger text is broad enough to activate on generic web research, source discovery, or content extraction tasks beyond narrow SEO keyword research. Over-broad activation increases the chance that unrelated user content, URLs, or documents are crawled and sent to third-party APIs unnecessarily, expanding data exposure and tool misuse risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal