Back to skill

Security audit

Aeo Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a content-formatting assistant for AEO article rewrites, with no hidden install code or persistence; its main caution is optional fetching of user-provided URLs.

Install only if you want an article AEO optimizer that may rewrite structure and, when you provide a URL, fetch that page. For confidential drafts or internal sites, paste the article text instead of giving a URL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to fetch user-provided URLs, which creates outbound network access and may transmit sensitive user-supplied targets or session-linked metadata to external sites without an explicit safety warning or consent checkpoint. In a content-processing skill, this can expose private or internal URLs, trigger requests to attacker-controlled infrastructure, and expand the trust boundary beyond pasted text.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger list includes broad phrases like general optimization or editing-style requests that can overlap with ordinary writing assistance, increasing the chance the skill activates when the user did not intend a full AEO workflow. Over-broad invocation is risky because it may cause unnecessary transformations, audits, or URL-fetch behavior in contexts where the user expected simpler editing help.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.