Seo Optimizer

Security checks across malware telemetry and agentic risk

Overview

This SEO skill uses disclosed local scripts to audit HTML files and generate a sitemap, with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Use this skill only on the website directory or HTML files you intend to audit. Review generated sitemap and SEO edits before publishing, and set an explicit output path if generating sitemap.xml to avoid overwriting an unintended file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The description says the skill should be used for broad categories like general SEO tasks and optimization requests, without clear limits on applicable inputs or environments. Overbroad routing can trigger the skill on unrelated requests, causing unintended file access or modifications in contexts the user did not mean to authorize.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The catch-all trigger phrase 'Any task related to search engine optimization for HTML/CSS websites' is too general and lacks exclusions. This increases the chance the skill is auto-selected for broad SEO or website requests where its file-reading and file-writing workflow may be inappropriate or surprising.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal