registry  /  seo  /  0.1.0

seo@0.1.0

SEO Skills CLI and MCP for finding technical problems, ranking fixes with search data, and running reports locally.

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 4.25 MB of source, external domains: 127.0.0.1, accounts.google.com, analyticsadmin.googleapis.com, analyticsdata.googleapis.com, api.dataforseo.com, api.jquery.com, api.semrush.com, chromeuxreport.googleapis.com, developer.mozilla.org, developers.google.com, dom.spec.whatwg.org, example.com, example.invalid, github.com, html.spec.whatwg.org, myaccount.google.com, oauth2.googleapis.com, openidconnect.googleapis.com, searchconsole.googleapis.com, status.search.google.com, www.googleapis.com, www.ibm.com, www.w3.org

Source & flagged code

5 flagged · loading source
dist/package-uzXzqDW6.jsView file
5026patternName = generic_password severity = medium line = 5026 matchedText = password...d]",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/package-uzXzqDW6.jsView on unpkg · L5026
dist/index.jsView file
21import { gunzipSync } from "node:zlib"; L22: import { execFile } from "node:child_process"; L23: import { fileURLToPath } from "node:url";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L21
dist/cli.jsView file
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{$ as e,$t as t,A as n,At as r,B as i,Bt as a,C as o,Ct as s,D as c,Dt as l,E as u,Et as d,F as f,Ft as p,G as m,Gt as h,H as g,Ht as _,I as ee,It as te,J as ne,Jt as re,K as... L4: `);return}process.stdout.write(`Deleted local OAuth tokens. ... L42: Control comparison L43: `),I([[`Control`,e.control.change.title],[`Adjusted clicks`,e.control.adjusted.clickDelta===null?`n/a`:H(e.control.adjusted.clickDelta)],[`Adjusted click %`,e.control.adjusted.clic... L44: `)}\n`}const xa=S({meta:{name:`knowledge`,description:`Export site knowledge from a saved crawl as OKF, Markdown, or JSON`},args:{"report-id":{type:`string`,description:`Saved craw... ... L59: Next actions L60: `),L([`Check`,`Action`],t.map(e=>[e.name,G(e.action??``,96)])),q(`Next action details`,t.map(e=>({label:e.name,action:e.action??``}))))}function Z(e,t){let n=E(t);return n?`--${e} ... L61: Representative URL Inspection candidates
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.jsView on unpkg · L2
dist/dist-CSY2_p-j.jsView file
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/dist-CSY2_p-j.jsView on unpkg · L2
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/dist-CSY2_p-j.jsView on unpkg · L2

Findings

4 High5 Medium5 Low
HighChild Processdist/index.js
HighShell
HighSame File Env Network Executiondist/dist-CSY2_p-j.js
HighCommand Output Exfiltrationdist/dist-CSY2_p-j.js
MediumSecret Patterndist/package-uzXzqDW6.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings