Seo Audit

Security checks across malware telemetry and agentic risk

Overview

This SEO audit skill is coherent and purpose-aligned, with the main caveat that it can create a local report file.

Install if you are comfortable letting the skill fetch public URLs, run web searches, read a few project files to identify a target URL, and possibly write docs/seo-audit.md. Prefer using it on public sites or isolated repositories, and ask it to print the report instead of saving if you want to avoid workspace changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The skill requests `Write` access even though its primary function is to inspect a URL and report SEO issues. While the steps mention writing `docs/seo-audit.md`, granting general write capability is broader than necessary and could modify arbitrary workspace files if the skill is misused, prompt-injected by fetched content, or incorrectly implemented.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill instructs the agent to write a report into the project workspace but does not prominently warn the user that running the audit may create or overwrite a local file. This can lead to unexpected workspace changes and, in combination with broad write permissions, increases the chance of accidental file modification.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal