Security audit

SEO Keyword Density

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed SEO editing helper that reads and modifies user-targeted page content, with no hidden install hooks or credential behavior found.

Install this if you want an agent to edit page copy, metadata, alt text, and translation JSON for SEO. Review diffs before committing, especially because SEO content expansion and keyword-density targets can affect public-facing copy and search quality. VirusTotal was still pending, but artifact evidence and static scans did not show malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs the agent to use the Edit tool to apply file changes automatically, but it does not require explicit user confirmation before modifying project files. In a codebase context, this can cause unauthorized or unexpected changes to content, metadata, and SEO-related files, especially because the workflow encourages broad edits across page components and translation JSON files.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal