Back to skill

Security audit

SEO Audit Suite

Security checks across malware telemetry and agentic risk

Overview

This looks like a real SEO audit skill, but it needs Review because crafted URLs or keywords can trigger local code execution and the credential guidance is overbroad.

Review or patch this skill before installing. Run it only in a sandbox, audit only public URLs you are authorized to crawl, avoid sensitive internal/staging URLs and confidential keywords, and use least-privilege API credentials. Do not grant Owner/Full Search Console permissions unless you deliberately accept that account-level risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes capabilities that require network access, filesystem reads/writes, and use of environment-provided API keys, but it does not declare permissions for those operations. Undeclared capabilities are dangerous because they hide the real trust boundary from users and policy enforcement, increasing the chance the skill is run with broader access than reviewers expect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The skill's declared behavior does not fully match what it advertises and what the analysis indicates it does, including undocumented AI-crawler robots.txt checks and report output discrepancies. Behavior mismatches are risky because they reduce transparency and can mislead users, reviewers, or automated policy systems about what data is collected and how the skill operates.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The setup guide instructs users to grant an "Owner" role to a service account, which is far broader than necessary for reading Search Console SEO data. Excessive IAM privileges increase blast radius if the key is exposed or misused, potentially allowing unrelated project administration actions beyond the skill's stated SEO-audit purpose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal