registry  /  @seoagent-official/seoagent  /  1.66.0

@seoagent-official/seoagent@1.66.0

⚠ Under review

The persistent AI SEO agent for Claude Code. Audits, keyword strategy, briefs, articles, real product screenshots from your repo, and the autopilot loop (cloud detects → CLI executes → ack closes) — other SEO tools write the prompt, SEOAgent runs it.

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 179 KB of source, external domains: api.openai.com, api.replicate.com, console.anthropic.com, fal.run, registry.npmjs.org, seoagent.com, www.google.com

Source & flagged code

5 flagged · loading source
index.jsView file
25`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Ms(e){let t=[],n=e.split(` L26: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var qr="context.md";function Hr... L27: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: `,"utf-8");try{Xa(ie,384)}catch{}}function Co(){if(!xo(ie))return!1;try{return Qa(ie),!0}catch{return!1}}import{existsSync as Qe,readdirSync as $n,statSync as ec,readFileSync as Eo... L37: `)}function lc(e,t){if(!t)return le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Ro(t),r=e-5-n;return r<1?le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${le.dim("\u250C\u2500 ... L38:
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

index.jsView on unpkg · L25
25Trigger-reachable chain: manifest.main -> index.js L25: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Ms(e){let t=[],n=e.split(` L26: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var qr="context.md";function Hr... L27: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: `,"utf-8");try{Xa(ie,384)}catch{}}function Co(){if(!xo(ie))return!1;try{return Qa(ie),!0}catch{return!1}}import{existsSync as Qe,readdirSync as $n,statSync as ec,readFileSync as Eo... L37: `)}function lc(e,t){if(!t)return le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Ro(t),r=e-5-n;return r<1?le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${le.dim("\u250C\u2500 ... L38:
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L25
36`,"utf-8");try{Xa(ie,384)}catch{}}function Co(){if(!xo(ie))return!1;try{return Qa(ie),!0}catch{return!1}}import{existsSync as Qe,readdirSync as $n,statSync as ec,readFileSync as Eo... L37: `)}function lc(e,t){if(!t)return le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Ro(t),r=e-5-n;return r<1?le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${le.dim("\u250C\u2500 ... L38:
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L36
25`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Ms(e){let t=[],n=e.split(` L26: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var qr="context.md";function Hr... L27: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: `,"utf-8");try{Xa(ie,384)}catch{}}function Co(){if(!xo(ie))return!1;try{return Qa(ie),!0}catch{return!1}}import{existsSync as Qe,readdirSync as $n,statSync as ec,readFileSync as Eo... L37: `)}function lc(e,t){if(!t)return le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Ro(t),r=e-5-n;return r<1?le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${le.dim("\u250C\u2500 ... L38:
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

index.jsView on unpkg · L25
8.sync.lock L9: `,os=process.env.XDG_CONFIG_HOME&&process.env.XDG_CONFIG_HOME.trim().length>0?process.env.XDG_CONFIG_HOME:Ce(rs(),".config"),M=Ce(os,"seoagent"),ie=Ce(M,"auth.json"),rn=Ce(M,"state... L10: `),i=ms(r),s=i.length>0?i[0].indent:0,[a]=hr(i,0,s);return{data:a,body:o}}function Ct(e){if(!ds(e))return null;try{return se(ps(e,"utf-8"))}catch{return null}}function gs(e){if(e==... ... L25: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Ms(e){let t=[],n=e.split(` L26: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var qr="context.md";function Hr... L27: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... L28: `),r="| URL | In sitemap | In nav | Status | Rendered | Word count | Notes |",o="|---|---|---|---|---|---|---|",i=e.map(s=>`| ${s.url} | ${s.in_sitemap} | ${s.in_nav} | ${s.status}... L29: `)}function La(e){let t=new Map,n;try{n=Oa(e,"utf-8")}cat
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L8

Findings

2 Critical3 High3 Medium2 Low
CriticalSame File Env Network Executionindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighChild Processindex.js
HighCommand Output Exfiltrationindex.js
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings