Back to skill

Security audit

pSEO Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a pSEO guide, but it also instructs agents to read Tolstoy business files and publish to Webflow without clear approval safeguards.

Install only if you intend to use the Tolstoy and Webflow workflow. Before use, require the agent to list and confirm any local files it will read, use scoped Webflow credentials, create drafts or previews first, and require human review before publishing anything publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill is advertised as a general-purpose pSEO system design reference, but it contains hardcoded instructions to load brand-specific local files for gotolstoy.com from the user's home/workspace. This expands scope from generic content architecture into access of local sensitive context, which can cause unintended disclosure of proprietary data and prompt the agent to consume files unrelated to the user's immediate request.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill adds direct Webflow CMS publishing steps even though the manifest frames the skill around content generation architecture and renderers. That turns a planning/generation skill into one capable of external state-changing deployment, increasing the risk of unauthorized publication, accidental content release, or misuse of API credentials.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The Webflow publishing workflow instructs the agent to POST content to an external CMS without warning about network transmission, credential use, and irreversible publishing side effects. In an agent setting, omission of these warnings increases the chance that users trigger external actions without understanding that content and metadata will leave the local environment and may become publicly visible.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.