cn-seo-optimizer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it needs review because it can send full drafts and keywords to an external API and has unsafe script input handling.

Review before installing if you handle confidential marketing copy, product plans, regulated text, or client drafts. Only run the API scripts on content you are comfortable sending to the listed Tencent Cloud endpoints, keep any CN_SEO_TOKEN out of source control, and avoid passing untrusted raw text to predict.sh or suggestions.sh until their input handling is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases in the metadata are broad enough to match many ordinary SEO, writing, and content requests that may not require this specific skill. Over-broad activation can cause the agent to invoke a networked, script-capable skill unexpectedly, increasing exposure of user content to external services without informed intent.

Vague Triggers

Medium
Confidence: 91%
Finding
The 'When to Use This Skill' section defines activation conditions so broadly that the skill may be used for general Chinese content writing or SEO help, not just compliance scanning. Because the skill pushes mandatory API-backed checks and scripts, broad routing materially raises the chance of unnecessary third-party transmission of sensitive drafts or business content.

Missing User Warnings

Medium
Confidence: 97%
Finding
The quick-start instructions direct users to run scripts that send raw content, titles, and keywords to external API endpoints, but they do not warn that this data leaves the local environment. This is dangerous because users may submit confidential marketing copy, product plans, or regulated content without understanding the privacy, retention, or jurisdictional implications.

Missing User Warnings

Medium
Confidence: 95%
Finding
The configuration and web-app sections provide endpoint URLs, token setup, and paid service usage without any warning about token sensitivity or external processing of content. This can lead users to expose API tokens insecurely and to send sensitive data to a hosted service without understanding access scope, storage, or sharing risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script sends the full user text, title, platform, and keywords to a remote API endpoint, but the runtime UX does not prominently warn users that their content is leaving the local machine. This creates a real privacy and data-handling risk, especially because users may scan sensitive draft marketing copy, proprietary content, or regulated text under the assumption the check is local.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script transmits the full user-supplied content to a remote API endpoint for scoring, but it gives no notice, consent prompt, redaction step, or privacy warning before doing so. Because this skill is designed for SEO/compliance review of draft marketing copy, users may paste unpublished, sensitive, or regulated content and unintentionally disclose it to a third-party service.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script sends the user-provided keyword to a remote API endpoint without clearly warning the user that their input will leave the local machine. In a compliance-checking workflow, users may paste draft ad copy, product terms, or other sensitive business language, creating an avoidable privacy and data-handling risk.

VirusTotal

2/65 vendors flagged this skill as malicious, and 63/65 flagged it as clean.
