registry  /  @seoagent-official/seoagent  /  1.73.0

@seoagent-official/seoagent@1.73.0

⚠ Under review

The persistent AI SEO agent for Claude Code. Audits, keyword strategy, briefs, articles, real product screenshots from your repo, and the autopilot loop (cloud detects → CLI executes → ack closes) — other SEO tools write the prompt, SEOAgent runs it.

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 218 KB of source, external domains: api.openai.com, api.replicate.com, console.anthropic.com, fal.run, registry.npmjs.org, seoagent.com, www.google.com

Source & flagged code

5 flagged · loading source
index.jsView file
26`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function bc(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var Lo="context.md";function Yt... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&ai(W)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function Ol(e,t){if(!t)return me.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=ui(t),r=e-5-n;return r<1?me.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${me.dim("\u250C\u2500 ... L38:
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

index.jsView on unpkg · L26
26Trigger-reachable chain: manifest.main -> index.js L26: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function bc(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var Lo="context.md";function Yt... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&ai(W)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function Ol(e,t){if(!t)return me.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=ui(t),r=e-5-n;return r<1?me.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${me.dim("\u250C\u2500 ... L38:
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg · L26
36${i}`),!e.global&&ai(W)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function Ol(e,t){if(!t)return me.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=ui(t),r=e-5-n;return r<1?me.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${me.dim("\u250C\u2500 ... L38:
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L36
26`);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function bc(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\/\S+)(?:\s+[—–-]\s+(.+))?$/);o&&t.push({url:o[1].trim(),description:o[2]?.trim()||""})}return t}var Lo="context.md";function Yt... L28: `),n=["# Pages","","Inventory of pages discovered in your codebase. Re-running `seoagent init`","or `seoagent refresh` re-scans and merges in newly-added pages without","touching r... ... L36: ${i}`),!e.global&&ai(W)&&l.info("Your seoagent.com login (~/.config/seoagent/) was kept \u2014 it is shared across projects. Run `uninstall --global` to wipe it too."),l.info(`Re-i... L37: `)}function Ol(e,t){if(!t)return me.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`);let n=ui(t),r=e-5-n;return r<1?me.dim(`\u250C${"\u2500".repeat(e-2)}\u2510`):`${me.dim("\u250C\u2500 ... L38:
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

index.jsView on unpkg · L26
8.sync.lock L9: `,xa=process.env.XDG_CONFIG_HOME&&process.env.XDG_CONFIG_HOME.trim().length>0?process.env.XDG_CONFIG_HOME:Te(Sa(),".config"),W=Te(xa,"seoagent"),de=Te(W,"auth.json"),Cn=Te(W,"state... L10: `),i=La(r),s=i.length>0?i[0].indent:0,[a]=Qr(i,0,s);return{data:a,body:o}}function Bt(e){if(!Ia(e))return null;try{return pe(Ta(e,"utf-8"))}catch{return null}}function ja(e){if(e==... ... L15: `)}var Fa=/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;function Pn(){return Na()}var Ua=new Set(["strapi","wordpress","sanity","contentful","ghost","webflow","... L16: `)}function Ga(e){let t={domain:e.domain,site_type:e.site_type,language:e.language,initialized_at:e.initialized_at,seoagent_version:e.seoagent_version};return e.skill_version&&(t.s... L17: `,"utf-8");try{qa(de,384)}catch{}}function lo(){if(!ao(de))return!1;try{return za(de),!0}catch{return!1}}var Ya=new Set([502,503,504]),Ja=1e4;async function P(e,t,n={}){let r=Math.... ... L26: `);for(let r of n){let o=r.match(/^[-*]\s+(.+)$/);if(o){let i=o[1].trim();(!i.startsWith("(")||!i.endsWith(")"))&&t.push(i)}}return t}function bc(e){let t=[],n=e.split(` L27: `);for(let r of n){let o=r.match(/^[-*]\s+(https?:\/\
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

index.jsView on unpkg · L8

Findings

2 Critical3 High3 Medium2 Low
CriticalSame File Env Network Executionindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighChild Processindex.js
HighCommand Output Exfiltrationindex.js
HighSandbox Evasion Gated Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings