registry  /  @seoagent-official/seoagent  /  1.77.1

@seoagent-official/seoagent@1.77.1

⚠ Under review

The persistent AI SEO agent for Claude Code. Audits, keyword strategy, briefs, articles, real product screenshots from your repo, and the autopilot loop (cloud detects → CLI executes → ack closes) — other SEO tools write the prompt, SEOAgent runs it.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 245 KB of source, external domains: 127.0.0.1, api.openai.com, api.replicate.com, console.anthropic.com, example.com, fal.run, registry.npmjs.org, seoagent.com, www.google.com

Source & flagged code

5 flagged · loading source
index.jsView file
26`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Kc(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var Xo="context.md";function sn... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&xi(G)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function iu(e,t){if(!t)return ye.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Ei(t),r=e-5-n;return r<1?ye.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${ye.dim("\u250C\u2500 ... L38:
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

index.jsView on unpkg · L26
26Trigger-reachable chain: manifest.main -> index.js L26: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Kc(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var Xo="context.md";function sn... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&xi(G)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function iu(e,t){if(!t)return ye.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Ei(t),r=e-5-n;return r<1?ye.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${ye.dim("\u250C\u2500 ... L38:
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L26
36${i}`),!e.global&&xi(G)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function iu(e,t){if(!t)return ye.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Ei(t),r=e-5-n;return r<1?ye.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${ye.dim("\u250C\u2500 ... L38:
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L36
26`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Kc(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var Xo="context.md";function sn... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&xi(G)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function iu(e,t){if(!t)return ye.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Ei(t),r=e-5-n;return r<1?ye.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${ye.dim("\u250C\u2500 ... L38:
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

index.jsView on unpkg · L26
8.sync.lock L9: `,Ja=process.env.XDG_CONFIG_HOME&&process.env.XDG_CONFIG_HOME.trim().length>0?process.env.XDG_CONFIG_HOME:je(Ya(),".config"),G=je(Ja,"seoagent"),me=je(G,"auth.json"),Mn=je(G,"state... L10: `),i=sc(r),s=i.length>0?i[0].indent:0,[a]=go(i,0,s);return{data:a,body:o}}function Jt(e){if(!rc(e))return null;try{return ge(oc(e,"utf-8"))}catch{return null}}function ac(e){if(e==... ... L15: `)}var uc=/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;function Wn(){return cc()}var dc=new Set(["strapi","wordpress","sanity","contentful","ghost","webflow","... L16: `)}function mc(e){let t={domain:e.domain,site_type:e.site_type,language:e.language,initialized_at:e.initialized_at,seoagent_version:e.seoagent_version};return e.skill_version&&(t.s... L17: `,"utf-8");try{wc(me,384)}catch{}}function Co(){if(!xo(me))return!1;try{return bc(me),!0}catch{return!1}}var kc=new Set([502,503,504]),$c=1e4;async function T(e,t,n={}){let r=Math.... ... L26: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Kc(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L8

Findings

2 Critical3 High3 Medium2 Low
CriticalSame File Env Network Executionindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighChild Processindex.js
HighCommand Output Exfiltrationindex.js
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings