Google SEO GEO Auto Index

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: submit user-chosen or sitemap-derived URLs to Google’s Indexing API using a disclosed service account key and local cache.

Install only if you intend to let the agent submit indexing notifications for sites you control. Use a dedicated least-privilege Google service account, keep the JSON key path private, review sitemap and URL inputs before using --force or --delete, and clear the local cache when you want to reset indexing history.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 96% confidence
Finding: The skill advertises only an allowed Bash tool invocation, but its documented behavior clearly requires access to environment variables, local file reads for the service account key, local file writes for the cache, and outbound network access to fetch sitemaps and call Google APIs. This permission/capability mismatch weakens policy enforcement and can cause operators or automated review systems to underestimate what the skill can actually access and modify.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal