Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Seo Audit
Security checks across malware telemetry and agentic risk
Overview
This SEO audit skill is coherent and does what it claims, but it will contact websites the user asks it to analyze.
Install if you are comfortable with the agent fetching public websites you provide and using search for SEO analysis. Do not provide intranet, localhost, cloud metadata, private staging, or otherwise sensitive URLs unless you have network isolation and intend those requests.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)
Vague Triggers
Medium
- Confidence
- 95% confidence
- Finding
- The description lists triggers such as "check SEO," "improve rankings," "meta tags," and "fix SEO issues," which are broad natural-language phrases that could overlap with ordinary conversation or unrelated assistance requests. The file does not provide exclusion conditions or constraints that clarify when the skill should not activate.
Missing User Warnings
Medium
- Confidence
- 92% confidence
- Finding
- This code performs HTTP requests to arbitrary user-provided URLs via urllib.request.urlopen, which is a safety-relevant network operation. While the file has a generic docstring and progress prints, it does not clearly disclose that running the script will make outbound requests to the specified site and competitor URLs, potentially transmitting the user's IP and request metadata.
VirusTotal
63/63 vendors flagged this skill as clean.