Back to skill

Security audit

SEO to HTML Maker (via Kanban Plugin)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only SEO workflow with a clearly disclosed companion plugin and cloud dashboard dependency, so it is acceptable with privacy cautions.

Install this only if you are comfortable using the separate claw-kanban plugin and teammate.work dashboard. Review the companion plugin first, use a limited or disposable dashboard key where possible, and avoid sending confidential, regulated, or unpublished business content unless you have checked the dashboard's data handling and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to install a companion plugin and obtain a Dashboard API key for a third-party service, but the skill description does not clearly warn about external cloud tracking, data transmission, or what content may be shared off-platform. This can lead users to unknowingly send generated content, metadata, or workflow artifacts to an external dashboard, creating privacy, compliance, and supply-chain risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.