ClawHub

SEO and LLM Rankings

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SEO and AI-search audit skill that uses expected website fetching and project-file reading without evidence of hidden persistence, credential use, or exfiltration.

Install this if you want an agent to audit SEO and AI-search visibility for a site or local project. In URL mode, expect outbound requests to the URL you provide and possibly Google PageSpeed; avoid using it on private staging or internal domains unless that is intended. In codebase mode, expect the agent to read relevant project files and the optional .agents/product-marketing-context.md file if present.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
85% confidence
Finding
The skill directs live URL fetching through WebFetch, Python, curl, and external APIs, but it does not clearly warn that target URLs, headers, user agents, and related request metadata will be transmitted to third-party services or remote hosts. In security-sensitive or private environments, this can leak internal URLs, staging domains, or audit targets without explicit user awareness.

Natural-Language Policy Violations

Low
Confidence
77% confidence
Finding
The skill automatically prioritizes reading `.agents/product-marketing-context.md` before asking the user, without consent or validation of whether that file should influence the task. This can pull in sensitive or manipulative local context unexpectedly and may bias outputs using information the user did not intend to disclose for the current audit.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal