SEO Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SEO checker that fetches a user-chosen webpage and analyzes its HTML, with no evidence of hidden data access, persistence, or exfiltration.

Install only if you are comfortable running a small local shell script that makes a network request to the URL you provide. Prefer public pages or pages you intentionally want audited, and consider reviewing the script first if you plan to analyze sensitive internal URLs.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill documentation instructs users to execute a local shell script (`./seo-analyze.sh`) and pipe untrusted remote content into it, which indicates shell execution capability despite no declared permissions. This creates a trust and review gap: users or the platform may treat the skill as low-privilege while it actually relies on code execution and external network input, increasing the risk of command misuse, unsafe parsing, or downstream script abuse.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal