Back to skill

Security audit

SEO Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SEO helper with local analysis scripts and no evidence of hidden data access, persistence, or destructive behavior.

Reasonable to install for local SEO assistance. Use a virtual environment if installing Python packages, and note that the listed requests and beautifulsoup4 dependencies appear unnecessary for the included scripts. Avoid pasting confidential unpublished content unless you are comfortable processing it locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
94% confidence
Finding
The skill advertises a `meta <url>` capability that likely fetches user-supplied URLs, but it does not warn users that this may trigger outbound requests to third-party sites. This is a real transparency and privacy issue because users may unintentionally cause network access to external systems, which can leak IP, environment, or usage metadata and create unexpected interactions with attacker-controlled endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.