Security audit

DataForSEO

Security checks across malware telemetry and agentic risk

Overview

This is a coherent DataForSEO integration guide that discloses its ClawLink routing and credential model, with privacy and credit-use cautions users should understand.

Before installing, understand that DataForSEO queries route through ClawLink and may consume DataForSEO credits. Avoid submitting secrets, internal-only URLs, regulated data, or confidential research terms unless your organization approves that use, and confirm large crawls or bulk requests before running them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The examples send prompts, keywords, domains, and targets to ClawLink/DataForSEO without clearly warning that this data leaves the local environment and is processed by third-party services. Users may unknowingly submit sensitive business queries, internal URLs, or confidential research terms, creating a real privacy and data-governance risk in a tool explicitly designed to forward inputs to external providers.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal