registry  /  seo  /  0.2.0

seo@0.2.0

⚠ Under review

The only SEO skill your agent needs. 50+ SEO audit tools through a local CLI and MCP server, using your own crawl, Search Console, and GA4 data.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 4.40 MB of source, external domains: 127.0.0.1, accounts.google.com, analyticsadmin.googleapis.com, analyticsdata.googleapis.com, api.dataforseo.com, api.jquery.com, api.semrush.com, chromeuxreport.googleapis.com, developer.mozilla.org, developers.google.com, dom.spec.whatwg.org, example.com, example.invalid, github.com, html.spec.whatwg.org, myaccount.google.com, oauth2.googleapis.com, openidconnect.googleapis.com, searchconsole.googleapis.com, status.search.google.com, www.googleapis.com, www.ibm.com, www.w3.org

Source & flagged code

6 flagged · loading source
dist/package-7aT8_Xp0.jsView file
5026patternName = generic_password severity = medium line = 5026 matchedText = password...d]",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/package-7aT8_Xp0.jsView on unpkg · L5026
dist/dist-6bK_8r5M.jsView file
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Child Process

Package source references child process execution.

dist/dist-6bK_8r5M.jsView on unpkg · L2
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/dist-6bK_8r5M.jsView on unpkg · L2
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/dist-6bK_8r5M.jsView on unpkg · L2
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = seo@0.1.0 matchedIdentity = npm:c2Vv:0.1.0 similarity = 0.833 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli.jsView on unpkg
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{$ as e,$t as t,A as n,At as r,B as i,Bt as a,C as o,Ct as s,D as c,Dt as l,E as u,Et as d,F as f,Ft as p,G as m,Gt as h,H as g,Ht as ee,I as te,It as ne,J as re,Jt as ie,K a... L4: `);return}process.stdout.write(`Deleted local OAuth tokens. ... L42: Control comparison L43: `),I([[`Control`,e.control.change.title],[`Adjusted clicks`,e.control.adjusted.clickDelta===null?`n/a`:H(e.control.adjusted.clickDelta)],[`Adjusted click %`,e.control.adjusted.clic... L44: `)}\n`}const Ta=x({meta:{name:`knowledge`,description:`Export site knowledge from a saved crawl as OKF, Markdown, or JSON`},args:{"report-id":{type:`string`,description:`Saved craw... ... L59: Next actions L60: `),L([`Check`,`Action`],t.map(e=>[e.name,G(e.action??``,96)])),q(`Next action details`,t.map(e=>({label:e.name,action:e.action??``}))))}function Z(e,t){let n=T(t);return n?`--${e} ... L61: Representative URL Inspection candidates
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.jsView on unpkg · L2

Findings

1 Critical4 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/dist-6bK_8r5M.js
HighShell
HighSame File Env Network Executiondist/dist-6bK_8r5M.js
HighCommand Output Exfiltrationdist/dist-6bK_8r5M.js
MediumSecret Patterndist/package-7aT8_Xp0.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings