Back to skill

Security audit

OpenClaw SEO Content Writer

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill guides SEO publishing, including live deploy and Google Search Console steps, and those actions are disclosed and aligned with its purpose.

Install only if you want an agent-assisted workflow for live SEO publishing. Use least-privilege deployment and Google Search Console credentials, review changes before production deploys or URL submissions, and avoid putting secrets in receipts or generated artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly advertises production deployment, live verification, and Google Search Console submission, but it does not warn users that the skill can trigger real production changes and send site/URL data to external services. In an agent skill context, missing disclosure around operational side effects increases the chance of unintended deployment or external transmission by users who assume this is only a content-drafting workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.