registry  /  @seoagent-official/seoagent  /  1.69.0

@seoagent-official/seoagent@1.69.0

⚠ Under review

The persistent AI SEO agent for Claude Code. Audits, keyword strategy, briefs, articles, real product screenshots from your repo, and the autopilot loop (cloud detects → CLI executes → ack closes) — other SEO tools write the prompt, SEOAgent runs it.

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 200 KB of source, external domains: api.openai.com, api.replicate.com, console.anthropic.com, example.com, fal.run, registry.npmjs.org, seoagent.com, www.google.com

Source & flagged code

5 flagged · loading source
index.jsView file
25`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function ka(e){let t=[],n=e.split(` L26: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var ro="context.md";function Dt... L27: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: `,"utf-8");try{Pc(se,384)}catch{}}function Do(){if(!jo(se))return!1;try{return Ic(se),!0}catch{return!1}}import{existsSync as tt,readdirSync as Rn,statSync as Oc,readFileSync as Fo... L37: `)}function Gc(e,t){if(!t)return le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Mo(t),r=e-5-n;return r<1?le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${le.dim("\u250C\u2500 ... L38:
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

index.jsView on unpkg · L25
25Trigger-reachable chain: manifest.main -> index.js L25: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function ka(e){let t=[],n=e.split(` L26: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var ro="context.md";function Dt... L27: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: `,"utf-8");try{Pc(se,384)}catch{}}function Do(){if(!jo(se))return!1;try{return Ic(se),!0}catch{return!1}}import{existsSync as tt,readdirSync as Rn,statSync as Oc,readFileSync as Fo... L37: `)}function Gc(e,t){if(!t)return le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Mo(t),r=e-5-n;return r<1?le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${le.dim("\u250C\u2500 ... L38:
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L25
36`,"utf-8");try{Pc(se,384)}catch{}}function Do(){if(!jo(se))return!1;try{return Ic(se),!0}catch{return!1}}import{existsSync as tt,readdirSync as Rn,statSync as Oc,readFileSync as Fo... L37: `)}function Gc(e,t){if(!t)return le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Mo(t),r=e-5-n;return r<1?le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${le.dim("\u250C\u2500 ... L38:
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L36
25`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function ka(e){let t=[],n=e.split(` L26: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var ro="context.md";function Dt... L27: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: `,"utf-8");try{Pc(se,384)}catch{}}function Do(){if(!jo(se))return!1;try{return Ic(se),!0}catch{return!1}}import{existsSync as tt,readdirSync as Rn,statSync as Oc,readFileSync as Fo... L37: `)}function Gc(e,t){if(!t)return le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Mo(t),r=e-5-n;return r<1?le.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${le.dim("\u250C\u2500 ... L38:
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

index.jsView on unpkg · L25
8.sync.lock L9: `,Ds=process.env.XDG_CONFIG_HOME&&process.env.XDG_CONFIG_HOME.trim().length>0?process.env.XDG_CONFIG_HOME:Re(Ns(),".config"),B=Re(Ds,"seoagent"),se=Re(B,"auth.json"),pn=Re(B,"state... L10: `),i=Ys(r),s=i.length>0?i[0].indent:0,[a]=Rr(i,0,s);return{data:a,body:o}}function It(e){if(!Hs(e))return null;try{return ae(Ks(e,"utf-8"))}catch{return null}}function zs(e){if(e==... ... L25: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function ka(e){let t=[],n=e.split(` L26: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var ro="context.md";function Dt... L27: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... L28: `),r="| URL | In sitemap | In nav | Status | Rendered | Word count | Notes |",o="|---|---|---|---|---|---|---|",i=e.map(s=>`| ${s.url} | ${s.in_sitemap} | ${s.in_nav} | ${s.status}... L29: `)}function mc(e){let t=new Map,n;try{n=dc(e,"utf-8")}cat
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L8

Findings

2 Critical3 High3 Medium2 Low
CriticalSame File Env Network Executionindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighChild Processindex.js
HighCommand Output Exfiltrationindex.js
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings