Back to skill

Security audit

Seo Geo Qa

Security checks across malware telemetry and agentic risk

Overview

The skill performs disclosed SEO, link, and SERP checks, but users should understand that it contacts external sites and Jina Reader during normal use.

Install only if external network checks are acceptable for your articles. Avoid running it on embargoed drafts, internal/staging links, or sensitive URLs unless that exposure is approved; use --skip-serp to avoid competitor search and --no-jina to avoid Jina Reader.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
This code path performs SERP search and competitor-page collection, which is outside the declared article-QA scope of checking a user's draft for links, sources, SEO elements, and citations. Scope drift is dangerous because users may invoke the skill expecting local draft validation, while it instead fetches and analyzes third-party pages, creating undisclosed network activity, privacy concerns, and behavior inconsistent with consent expectations.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The main execution flow builds a report from competitor URLs, common SERP terms, and missing sections instead of validating the article's links, sources, or citation integrity as advertised. That mismatch can mislead operators about what data is being processed and can trigger unintended scraping of external sites, which is a trust and data-governance issue even if not a classic memory-safety bug.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The Jina Reader fetch path is explicitly described and used as a way to bypass Cloudflare and anti-bot measures, which exceeds the stated QA purpose and can facilitate unauthorized access to content behind bot protections. In a content-review skill, embedding anti-bot bypass behavior materially raises legal, compliance, and abuse risk because the tool can be repurposed for mass retrieval of third-party pages under a benign-seeming interface.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that it uses network services, including `r.jina.ai` for SERP fallback and competitor page fetching, but it does not clearly warn that draft article content, search queries, and analyzed URLs may be sent to third-party services. In a pre-publish workflow, this can leak unpublished or sensitive content externally, which is especially risky because the bypass/anti-bot framing encourages use of an intermediary service without a strong privacy disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
External URLs and their contents are sent to a third-party service (r.jina.ai) without any explicit runtime disclosure or consent mechanism. In the context of a draft-review skill, this is dangerous because user-provided or article-derived URLs may contain sensitive, private, embargoed, or proprietary content, and operators may not realize that data is being relayed off-platform.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script automatically extracts every URL from the input document and performs outbound requests to those URLs, plus additional search-engine requests, without explicit user consent or a clear warning. In a pre-publish QA workflow, this can leak sensitive draft contents, internal/staging links, tracking parameters that survive canonicalization, and the operator's IP/User-Agent to third parties, creating a privacy and SSRF-style network access risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.