registry  /  seo  /  0.2.4

seo@0.2.4

⚠ Under review

The only SEO skill your agent needs. 50+ SEO audit tools through a local CLI and MCP server, using your own crawl, Search Console, and GA4 data.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 4.59 MB of source, external domains: 127.0.0.1, accounts.google.com, analyticsadmin.googleapis.com, analyticsdata.googleapis.com, api.dataforseo.com, api.jquery.com, api.semrush.com, chromeuxreport.googleapis.com, developer.mozilla.org, developers.google.com, dom.spec.whatwg.org, example.com, example.invalid, github.com, html.spec.whatwg.org, myaccount.google.com, oauth2.googleapis.com, openidconnect.googleapis.com, searchconsole.googleapis.com, status.search.google.com, www.googleapis.com, www.ibm.com, www.w3.org

Source & flagged code

6 flagged · loading source
dist/package-D6bCOqrD.jsView file
5026patternName = generic_password severity = medium line = 5026 matchedText = password...d]",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/package-D6bCOqrD.jsView on unpkg · L5026
dist/dist-DMSBrZYd.jsView file
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Child Process

Package source references child process execution.

dist/dist-DMSBrZYd.jsView on unpkg · L2
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/dist-DMSBrZYd.jsView on unpkg · L2
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/dist-DMSBrZYd.jsView on unpkg · L2
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = seo@0.1.0 matchedIdentity = npm:c2Vv:0.1.0 similarity = 0.833 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli.jsView on unpkg
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{$ as e,$t as t,A as n,At as r,B as i,Bt as a,C as o,Ct as s,D as c,Dt as l,E as u,Et as d,F as f,Ft as p,G as m,Gt as h,H as ee,Ht as g,I as te,It as ne,J as re,Jt as ie,K a... L4: `,` ... L25: `)}function Tr(e,t,n){let r=t.flatMap(e=>F(e,Math.max(1,n.columns-2)).map((e,t)=>`${t===0?`- `:` `}${e}`));return[n.colors.bold(e),...r].join(` L26: `)}function Er(e,t){return e.length===0?t.colors.dim(`No parameters.`):Cr(e.map(e=>({title:e.name,description:e.description,meta:[e.type,e.required?`required`:`optional`]})),t,{emp... L27: Top actions ... L33: What to check next L34: `),z([`Status`,`Check`,`Action`],e.topActions.map(e=>[e.status,e.title,K(e.action,96)]))),Y(`Caveats`,e.caveats)}const Jr=x({meta:{name:`agent-readiness`,description:`Check content... L35: `);return}process.stdout.write(`Deleted local OAuth tokens. ... L69: Control comparison L70: `),R([[`Control`,e.control.change.title],[`Adjusted clicks`,e.control.adjusted.clickDelta===null?`n/a`:U(e.control.adjusted.clickDelta)],[`Adjusted click %`,e.control.adjusted.clic... L71: `)}\n`}const go=
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.jsView on unpkg · L2

Findings

1 Critical4 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/dist-DMSBrZYd.js
HighShell
HighSame File Env Network Executiondist/dist-DMSBrZYd.js
HighCommand Output Exfiltrationdist/dist-DMSBrZYd.js
MediumSecret Patterndist/package-D6bCOqrD.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings