SEO 🦉 OwlsClaw - Research * Plan * Write

Security checks across malware telemetry and agentic risk

Overview

This is a documented SEO content workflow skill with purpose-aligned web lookup and optional local saves, but users should enforce confirmation before any file is written.

Install only if you want an SEO research, planning, and content-generation assistant. Before using /seobrief, /seoplan, or any workflow that saves output, require the agent to show the exact content and destination path and wait for an explicit yes. Use /checks only on pages you own or are authorized to audit, and set --lang/brand deliberately for client or jurisdiction-sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

Severity: Medium | Confidence: 92%
Finding: The file contains contradictory instructions: it says plans are added automatically when /seoplan runs, but also says files must never be written silently and require explicit user confirmation before saving. In an agentic system, this ambiguity can cause implementations to auto-write registry or plan files without consent, creating unauthorized file modification risk and weakening user control over disk writes.

Missing User Warnings

Severity: Medium | Confidence: 95%
Finding: The document explicitly requires confirmation before writing files for /research, /write, /writehtml, and /checks, but separately states that /seobrief saves to SEO_BRIEFS and can be consumed by later commands without any comparable confirmation flow. This inconsistency can cause silent persistence of user-provided or model-generated content to disk, which is a security and privacy risk because users may reasonably assume all file writes are gated by the earlier global warning.

Missing User Warnings

Severity: Medium | Confidence: 97%
Finding: The /seoplan section states that plans are saved to SEO_PLANS/<plan-id>.md, but unlike the earlier file-write warning it does not require disclosure, preview, or confirmation before writing. In an agent context, undocumented autonomous writes can persist sensitive business topics, internal strategy, or prompt-derived content to local storage without user awareness, increasing privacy and integrity risk.

Vague Triggers

Severity: Medium | Confidence: 87%
Finding: The example trigger phrase at line 104 is broad, natural-language, and framed as something a user can simply 'say' to invoke behavior. In agent environments, such generic examples can blur the boundary between ordinary conversation and command invocation, increasing the chance of unintended activation or prompt-routing into the skill when the user did not explicitly mean to run it.

Natural-Language Policy Violations

Severity: Medium | Confidence: 95%
Finding: The persona explicitly instructs the model to present evidence so the reader reaches the 'right' conclusion, which undermines the claimed neutrality and can systematically bias generated research content. In a research/comparison persona, this is dangerous because it can produce persuasive, selectively framed outputs that appear objective while steering decisions, increasing the risk of deceptive or manipulative content.

Vague Triggers

Severity: Medium | Confidence: 84%
Finding: The skill instructs users to run `/checks <url>` against any generated page, which is a broad trigger with no stated restrictions on domain, environment, or resource type. In an agentic system, this can enable unintended processing of arbitrary URLs, including internal, sensitive, or non-production endpoints, increasing the risk of SSRF-style access, scope creep, or unsafe automated actions.

Natural-Language Policy Violations

Severity: Medium | Confidence: 94%
Finding: The skill silently defaults web searches to US/en when the user does not provide a language flag, which can mis-handle user intent and cause searches to be sent to an unintended regional context. While not direct code execution or data exfiltration, it can lead to privacy and correctness issues by making external requests using assumptions the user did not explicitly approve.

Missing User Warnings

Severity: Low | Confidence: 89%
Finding: Describing generated HTML as automatic and 'ready for copy-paste deployment' encourages users to trust and publish model-generated output without manual review. In an agent setting, this can lead to unsafe or noncompliant HTML, SEO spam, broken markup, or injected content being deployed directly to production.

Missing User Warnings

Severity: Medium | Confidence: 92%
Finding: The workflow explicitly instructs the agent to save generated output into repository files (`SEO_PLANS/<plan-id>.md` and `SEO_PLANS/_index.md`) without any requirement for explicit user confirmation, dry-run mode, or warning that local files will be modified. In an agent setting, silent writes can cause unintended repository changes, overwrite existing content, or be abused through crafted inputs that trigger persistent modifications beyond what the user expected from a planning command.

Vague Triggers

Severity: Medium | Confidence: 90%
Finding: The trigger phrases are broad, natural-language requests like "Audit my SEO strategy" and "I need a content strategy for [client]", which overlap with common user intents and can cause the skill to activate when the user did not explicitly request this specific tool. In a multi-skill agent environment, unintended activation can route user data or tasks into the wrong workflow, including live URL checks, web research, or file-write paths that this skill supports under gated conditions.

VirusTotal

67/67 vendors flagged this skill as clean.