Skylv Search Optimization Agent

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only SEO assistant whose external API and crawling concepts fit its stated purpose, with broad trigger wording as the main caution.

Install it if you want a broad SEO helper. Before running audits, crawls, rank tracking, or API-backed research, confirm the target site is yours or authorized, and avoid sharing sensitive business content or credentials unless you trust the configured SEO provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger section uses broad automatic detection phrases like SEO, keywords, ranking, and optimization, which are common in normal conversation and can cause accidental invocation of the skill. This increases the chance the agent activates in unrelated contexts, leading to unintended tool use, crawling, or external API access without clear user intent.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest includes generic SEO-related triggers and descriptive terms that are likely to collide with ordinary user requests about search optimization. In an agent ecosystem, high-collision triggers can route benign conversation into this skill unexpectedly, causing unauthorized context switching or execution of SEO-oriented actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal