ClawHub

Ollama SEO Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a small SEO-audit skill whose web access and local Ollama command are disclosed and purpose-aligned, but users should avoid the missing helper script reference unless supplied and reviewed.

Install only if you are comfortable with the agent fetching target webpages, optionally using browser/search tooling, and running a local Ollama command. Do not let the agent run Scripts/audit.py unless the publisher supplies that exact script in the bundle and you review it first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill advertises broad triggers such as "audit SEO," "check site performance," and "analyze web page SEO" without defining clear scope, approval boundaries, or constraints on what sites/resources may be accessed. This can cause over-triggering on common user requests and lead the agent to perform network access and analysis actions the user did not explicitly authorize, increasing the chance of unintended external interaction.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill combines web fetching, browser usage, web search, and shell execution (`exec 'ollama run ...'` and `Scripts/audit.py`) but does not clearly warn that it will access external resources and execute local commands. In an agent setting, this is dangerous because ambiguous invocation could trigger network requests and command execution on the host environment without sufficiently informed user consent or operational safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal