ClawHub

Seo Prospector

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SEO lead-generation skill, but it contacts external websites and APIs and stores prospect/outreach data locally.

Install only if you are comfortable with a lead-generation workflow that contacts prospect websites, uses third-party APIs when configured, and saves lead and outreach data locally. Review all outreach before sending, avoid entering secrets or sensitive client strategy into searches or reports, and periodically delete old prospect data you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"--max-time", str(timeout + 5),
            url
        ]
        proc = subprocess.run(head_cmd, capture_output=True, text=True, timeout=timeout + 10)
        parts = proc.stdout.strip().split("|")
        status_code = int(parts[0]) if parts[0].isdigit() else 0
        final_url = parts[2] if len(parts) > 2 else url
Confidence
90% confidence
Finding
proc = subprocess.run(head_cmd, capture_output=True, text=True, timeout=timeout + 10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"--max-filesize", "500000",  # 500KB max
            url
        ]
        body_proc = subprocess.run(body_cmd, capture_output=True, text=True, timeout=timeout + 10)
        body = body_proc.stdout[:50000]  # Check first 50KB

        if PARKED_RE.search(body):
Confidence
90% confidence
Finding
body_proc = subprocess.run(body_cmd, capture_output=True, text=True, timeout=timeout + 10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
domain = domain.lower().strip().replace("https://", "").replace("http://", "").split("/")[0]

    try:
        proc = subprocess.run(
            ["whois", domain],
            capture_output=True, text=True, timeout=timeout
        )
Confidence
81% confidence
Finding
proc = subprocess.run( ["whois", domain], capture_output=True, text=True, timeout=timeout )

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list is broad and includes generic phrases like "find leads," "batch research," and "cold outreach," which may cause the skill to activate in contexts the user did not intend. Because this skill performs prospecting, report generation, tracking, and outreach-related workflows, accidental invocation could lead to unwanted data collection, file creation, or preparation of outbound messages.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description and workflow emphasize automated outreach, tracking, database storage, and daily pipeline summaries, but do not prominently warn users that prospect data will be collected, persisted, and used to generate outbound communications. This reduces informed consent and increases the risk of privacy, compliance, or reputational issues if users invoke it without understanding the automation and retention behavior.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manifest description advertises broad end-to-end automation ('on autopilot', cron-driven discovery, audit, report generation, and outreach) without clearly constraining when the skill should act or what requires explicit user confirmation. In an agent ecosystem, vague automation scope increases the chance of unintended autonomous lead generation, outreach, or scheduled actions that could trigger spam, compliance, or reputational harm.

Natural-Language Policy Violations

Low
Confidence
80% confidence
Finding
The skill explicitly promotes automated cold outreach and personalized email generation but provides no policy framing for recipient locale, language, consent, or applicable outreach rules. In context, this makes misuse easier at scale and can facilitate non-compliant or inappropriate outreach campaigns, especially across jurisdictions with different anti-spam and privacy requirements.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow explicitly instructs posting a daily summary to Discord but provides no guidance to minimize, redact, or classify the data being shared. In this skill's context, summaries may include prospect identities, priorities, research outcomes, errors, and links to report locations, creating a realistic risk of internal data leakage or exposure to broader channel audiences or third-party SaaS retention.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends the user-provided query and optional system prompt directly to Perplexity's external API without any disclosure, consent flow, or filtering of potentially sensitive data. In an SEO prospecting workflow, operators may include client names, internal lead notes, outreach strategies, or other business-sensitive content, causing unintended third-party disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The outreach workflow persists contact_email values directly into a local JSON database under the user's home directory with no minimization, consent prompt, retention policy, or access controls. In a lead-generation and cold-outreach skill, this increases privacy and compliance risk because personal contact data may be stored longer than intended, exposed to other local processes/users, or included in backups and workspace syncs.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script writes the report to disk unconditionally before checking dry-run behavior, which violates the likely expectation that dry-run should avoid side effects. In a prospecting workflow, this can leak sensitive research content, create misleading records, or persist data in environments where the user believed nothing would be saved.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The function sends the full prospect report, including business research and synthesized notes, to an external LLM provider without clear upfront disclosure or consent at the interface level. In this skill context, that data may include proprietary agency research, lead intelligence, or sensitive client workflow information that users may not expect to leave the local environment.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill performs outbound HTTP/network verification on prospect data without any user-facing disclosure or consent boundary. In an agent environment, this is risky because simply analyzing a report can transmit target URLs/domains to third parties and can probe attacker-chosen infrastructure or internal network locations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal