Back to skill

Security audit

IndexLift SEO Auditor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real SEO audit skill, but it needs review because it can make broad website requests from the user’s environment without clear network boundaries.

Install only if you are comfortable running local npm dependencies and allowing the tool to fetch web resources. Audit sites you own or are authorized to test, avoid internal or sensitive URLs, and review redirects/sitemaps carefully because they may trigger additional outbound requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to run `npm install` and a Node audit script against arbitrary user-supplied URLs, which clearly implies outbound network access, but the skill metadata does not declare any corresponding permission boundary. That mismatch is dangerous because it hides the skill's true capability surface from policy enforcement and user review, making SSRF-style access to internal resources or unintended data egress easier if the runtime honors the instructions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description says the skill should activate even if the user does not explicitly mention a skill, audit, or SEO tool, which broadens invocation beyond clear user intent. In context, this is risky because the skill can trigger package installation and networked page fetching, so over-broad matching may cause unrequested external access and execution of a more powerful workflow than the user knowingly asked for.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.