Back to skill

Security audit

audit website for SEO, security, performance and 200+ other issues

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed website audit and remediation skill; it can scan live sites and edit local website files, but the artifacts require user confirmation before fixes and show no hidden exfiltration, persistence, or destructive behavior.

Install this only if you want a website auditor that may also help edit local code and content after you approve fixes. Use it only on sites you own or are authorized to test, review each proposed fix batch, keep changes reviewable, avoid squirrel init --force unless overwriting config is intended, and be careful with full live scans on production sites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is described as an auditing/reporting tool, but these instructions expand its behavior into making code and content changes after an audit. That broadens the operational scope from analysis into modification, increasing the chance an agent will edit files or make remediation changes the user did not expect from an 'audit' skill.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This workflow instructs the agent to iteratively apply fixes, re-audit, and continue remediation until score targets are reached. That creates pressure to perform repeated automated modifications, potentially causing unintended code/content changes and encouraging autonomous behavior beyond a passive assessment tool.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The documentation treats content and code editing as a normal part of the skill, even though the manifest and primary description position it as an audit/reporting capability. This mismatch can mislead users and downstream agents into granting broader trust and permissions than are appropriate for a scanner.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly prefers scanning live websites and recommends deep scans that may impact target performance, but it omits warnings about authorization, privacy, rate limits, and production safety. In practice, this can lead agents or users to run intrusive scans against third-party or production systems without adequate consent or safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.