ClawHub
Back to skill

Security audit

Seo Audit Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent basic SEO audit skill that fetches public web pages and writes a local report, with some scope and network-boundary caveats users should understand.

Install this if you want a basic SEO report generator for public URLs. Be aware it will make outbound requests to the target site and, when robots.txt lists sitemap URLs, may also request those sitemap locations; use it only on sites you are comfortable auditing from your environment. Review the generated HTML report before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script trusts Sitemap directives from robots.txt and fetches each candidate URL directly, even if it points to a different host than the audited origin. Because this tool is designed to audit arbitrary user-supplied sites, a remote site can cause the agent to make secondary outbound requests to attacker-chosen destinations, creating a constrained SSRF/network pivot and enabling unexpected egress to third-party hosts.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad enough to match many ordinary requests such as 'analyze my URL' or 'what's wrong with my page,' which can cause the skill to activate unexpectedly. Unintended invocation matters here because the skill performs outbound requests and writes reports to disk, so a casual query could trigger network access and file creation without clear user intent.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The usage guidance repeats vague examples without strong boundaries, increasing the chance that the agent selects this skill for generic page analysis rather than explicit SEO work. In context, misrouting is not just a UX issue because the skill directs fetching third-party URLs, inspecting content, and saving output files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal