ClawHub

SEO Assistant

Security checks across malware telemetry and agentic risk

Overview

This SEO skill does what it claims, with disclosed AI features that can send page or topic content to EvoLink for analysis.

Install only if you are comfortable sending SEO content to EvoLink for AI commands. Use local audit and sitemap commands for private material, avoid running check/rewrite/schema on internal or sensitive pages, and use a dedicated EvoLink API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares runtime requirements and documented behaviors that clearly involve environment variable access, shell execution, file reads, and file writes, but it does not declare explicit permissions for those capabilities. This weakens the trust boundary for users and platforms because the skill can handle local files and API keys while appearing less privileged than it actually is.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger examples include very broad natural-language requests such as 'how's my SEO?' and 'check my page,' which could cause the skill to activate on ordinary conversation without the user intending to invoke external-fetching or AI-analysis behavior. In this skill's context, that is more concerning because some commands may transmit page content or topics to a third-party API and can operate on local files.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill advertises very broad trigger phrases such as "how's my SEO?" and "check my page," which can overlap with common user requests and cause the agent to invoke this skill in situations where the user did not clearly consent to external analysis. In this skill, that matters because several commands send fetched page content or local HTML to a third-party API, so over-triggering could lead to unintended data exposure or unnecessary network activity.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The AI-backed commands send user-supplied content to a third-party service (EvoLink) without an explicit, runtime disclosure that local HTML files and fetched page content will leave the machine. This creates a real confidentiality/privacy risk because users may run rewrite/schema/check on proprietary, unpublished, or sensitive content assuming processing is local.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The `check` command fetches a live page and then sends the page HTML to `api.evolink.ai` for analysis, but the script does not present a clear, explicit user-facing disclosure that page contents will leave the host. This creates a real privacy and data-handling risk because fetched pages may contain sensitive or proprietary content, and users may reasonably assume an SEO audit is local unless told otherwise.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The `rewrite` command reads a local HTML file and uploads its contents to the external EvoLink API without a prominent disclosure at execution time. Local files can contain unpublished content, customer data, internal URLs, or secrets embedded in HTML, so silent off-host transmission is a legitimate security and privacy issue.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The `schema` command uploads local HTML content to the external AI API to generate JSON-LD, again without an explicit disclosure that page data is being transmitted externally. In context, this is especially relevant because schema generation often targets draft or internal pages whose contents may not be intended for third-party processing.

External Transmission

Medium
Category
Data Exfiltration
Content
" "$native_prompt" "$native_content" "$native_payload" "$model"

  local response
  response=$(curl -s -X POST "$EVOLINK_API" \
    -H "Authorization: Bearer $api_key" \
    -H "Content-Type: application/json" \
    -d "@$tmp_payload")
Confidence
95% confidence
Finding
curl -s -X POST "$EVOLINK_API" \ -H "Authorization: Bearer $api_key" \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal