Seo Keyword Pro

Security checks across malware telemetry and agentic risk

Overview

This SEO skill does not show malware, but it needs Review because it mixes SEO tooling with unclear API-key, wallet, and payment expectations.

Review before installing. Use a dedicated low-privilege API key, avoid confidential drafts or client strategy data unless you know where it is processed, and verify the publisher and payment channel before any USDC, wallet, or Alipay payment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill advertises keyword research, rank tracking, and competitor/domain analysis features that necessarily imply sending user-provided domains, keywords, and possibly business strategy data to external APIs or search providers, but it gives no disclosure or consent warning. This can lead users to unknowingly transmit sensitive marketing data, client domains, and competitive intelligence to third parties.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The content optimization example accepts full article text and competitor URLs, which may include unpublished drafts, proprietary content, or client-confidential material, yet the documentation provides no warning that this content may be processed by external services. Users could expose sensitive or copyrighted material without informed consent or controls.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal