Serpzilla SEO Guest Posting Skill for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps manage Serpzilla SEO guest-post purchases and requires confirmation before money-moving or destructive actions.

Install only if you want an agent to manage Serpzilla SEO placements. Review site, price, account balance, placement ID, and action details before confirming purchases, approvals, cancellations, arbitration actions, or teardowns, and treat the Serpzilla API token as a sensitive credential.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This documentation exposes destructive actions such as cancellation and termination without clearly warning that they can reject placements, trigger permanent link removal, or become irreversible once executed. In an agent skill context, sparse safety guidance increases the chance an automated agent or inattentive operator will invoke high-impact state transitions based only on terse action descriptions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal