ClawHub
Back to skill

Security audit

Agent SEO Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, disclosed SEO helper prompt with no executable files in the artifact and no evidence of hidden or destructive behavior.

Before installing, review or trust the linked GitHub CLI because it supplies the runnable code. Keep OAuth tokens, API keys, service-account files, customer content, and search-console exports scoped and redacted, and prefer the skill's doctor, manifest, privacy audit, and dry-run guidance before live provider calls or writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.