seo-audit

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only SEO guidance skill with optional local note-taking and no evidence of hidden execution or data exfiltration.

Safe to install as an SEO reference skill. Review the optional ~/seo workspace before using it, avoid saving passwords, tokens, or private client data there, and grant access to live site files or Google tools only when you intend the agent to work on those accounts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs use of a persistent workspace at ~/seo/ with files for memory, audits, and content drafts, but gives no user-facing warning that data may be stored locally across sessions. This creates a privacy and data-governance risk because sensitive site information, audit history, competitive research, or draft content could be retained without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal