Security audit

seo-monitoring

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable SEO monitoring guide whose analytics recommendations fit its purpose, though users should apply privacy controls if they implement User ID tracking.

Safe to install as a planning guide. Before following its GA4 User ID or GSC API suggestions, confirm consent and legal requirements, avoid sending personal information to analytics platforms, and grant only the minimum needed account/API access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill recommends sending User ID to GA4 for cross-device and cross-session identification without any privacy warning, consent requirement, or implementation constraints. This can lead users to deploy persistent cross-context tracking in ways that violate privacy expectations, internal policy, or regional data protection requirements, especially because the guidance is presented as a straightforward attribution configuration step.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.