registry  /  @seoagent-official/seoagent  /  1.71.1

@seoagent-official/seoagent@1.71.1

⚠ Under review

The persistent AI SEO agent for Claude Code. Audits, keyword strategy, briefs, articles, real product screenshots from your repo, and the autopilot loop (cloud detects → CLI executes → ack closes) — other SEO tools write the prompt, SEOAgent runs it.

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 205 KB of source, external domains: api.openai.com, api.replicate.com, console.anthropic.com, example.com, fal.run, registry.npmjs.org, seoagent.com, www.google.com

Source & flagged code

5 flagged · loading source
index.jsView file
26`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Ga(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var bo="context.md";function Kt... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&Yo(W)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function nl(e,t){if(!t)return fe.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Jo(t),r=e-5-n;return r<1?fe.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${fe.dim("\u250C\u2500 ... L38:
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

index.jsView on unpkg · L26
26Trigger-reachable chain: manifest.main -> index.js L26: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Ga(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var bo="context.md";function Kt... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&Yo(W)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function nl(e,t){if(!t)return fe.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Jo(t),r=e-5-n;return r<1?fe.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${fe.dim("\u250C\u2500 ... L38:
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L26
36${i}`),!e.global&&Yo(W)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function nl(e,t){if(!t)return fe.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Jo(t),r=e-5-n;return r<1?fe.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${fe.dim("\u250C\u2500 ... L38:
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L36
26`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Ga(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var bo="context.md";function Kt... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&Yo(W)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function nl(e,t){if(!t)return fe.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=Jo(t),r=e-5-n;return r<1?fe.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${fe.dim("\u250C\u2500 ... L38:
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

index.jsView on unpkg · L26
8.sync.lock L9: `,Ys=process.env.XDG_CONFIG_HOME&&process.env.XDG_CONFIG_HOME.trim().length>0?process.env.XDG_CONFIG_HOME:Te(qs(),".config"),W=Te(Ys,"seoagent"),ue=Te(W,"auth.json"),$n=Te(W,"state... L10: `),i=ra(r),s=i.length>0?i[0].indent:0,[a]=Fr(i,0,s);return{data:a,body:o}}function Dt(e){if(!ea(e))return null;try{return de(ta(e,"utf-8"))}catch{return null}}function oa(e){if(e==... ... L15: `)}var aa=/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;function _n(){return ia()}var ca=new Set(["strapi","wordpress","sanity","contentful","ghost","webflow","... L16: `)}function da(e){let t={domain:e.domain,site_type:e.site_type,language:e.language,initialized_at:e.initialized_at,seoagent_version:e.seoagent_version};return e.skill_version&&(t.s... L17: `,"utf-8");try{ga(ue,384)}catch{}}function Vr(){if(!Yr(ue))return!1;try{return ha(ue),!0}catch{return!1}}var wa=new Set([502,503,504]),ka=1e4;async function P(e,t,n={}){let r=Math.... ... L26: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function Ga(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L8

Findings

2 Critical3 High3 Medium2 Low
CriticalSame File Env Network Executionindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighChild Processindex.js
HighCommand Output Exfiltrationindex.js
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings