indexnow

Security checks across malware telemetry and agentic risk

Overview

This is a simple IndexNow SEO guidance skill with no executable code, and its main caution is to review URL submissions before sending them to search engines.

Safe to install for IndexNow guidance. Use a dedicated IndexNow key, confirm the production domain, and review any single or batch URL list before submitting it to search engines.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger description contains broad phrases such as "URL notification," "instant indexing," and "IndexNow API," which can match many generic SEO or indexing requests beyond this skill’s narrow purpose. In an agent system, over-broad activation can cause the wrong skill to take control, leading to irrelevant actions, unsafe file reads, or unsolicited operational guidance in contexts where the user did not actually request IndexNow-specific help.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal