ClawHub

Sovereign Seo Audit

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only SEO auditing skill; its website checks, optional codebase review, and IndexNow example are disclosed and aligned with SEO auditing.

Install is reasonable if you want an SEO audit assistant. Before running it, specify the exact site, page, repository, or content scope; use it only where you have authorization; avoid aggressive crawling; and review any generated IndexNow or Search Console submission steps before providing API keys or sending URLs externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The example trigger, "What is my site's SEO score and what should I fix first?", is broad and resembles an ordinary user question rather than a clearly scoped command. In an agent environment, this can cause the skill to activate during routine SEO-related conversations and initiate website or code analysis without an explicit, bounded request, increasing the chance of unintended external access or handling of sensitive project content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README says the skill can evaluate "any website, codebase, or piece of content" but does not warn that this may involve accessing external sites or inspecting potentially private source code and unpublished content. In a general-purpose agent, that omission makes it easier for users or downstream systems to invoke the skill on sensitive assets without clear consent, authorization checks, or privacy boundaries.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal