registry  /  seo  /  0.2.6

seo@0.2.6

The only SEO skill your agent needs. 50+ SEO audit tools through a local CLI and MCP server, using your own crawl, Search Console, and Google Analytics data.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 4.62 MB of source, external domains: 127.0.0.1, accounts.google.com, analyticsadmin.googleapis.com, analyticsdata.googleapis.com, api.dataforseo.com, api.jquery.com, api.semrush.com, chromeuxreport.googleapis.com, developer.mozilla.org, developers.google.com, dom.spec.whatwg.org, example.com, example.invalid, github.com, html.spec.whatwg.org, myaccount.google.com, oauth2.googleapis.com, openidconnect.googleapis.com, searchconsole.googleapis.com, seoskill.dev, status.search.google.com, www.googleapis.com, www.ibm.com, www.w3.org

Source & flagged code

5 flagged · loading source
dist/package-B9-D646K.jsView file
5026patternName = generic_password severity = medium line = 5026 matchedText = password...d]",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/package-B9-D646K.jsView on unpkg · L5026
dist/index.jsView file
21import { gunzipSync } from "node:zlib"; L22: import { execFile } from "node:child_process"; L23: import { fileURLToPath } from "node:url";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L21
dist/cli.jsView file
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{$ as e,$t as t,A as n,At as r,B as i,Bt as a,C as o,Ct as s,D as c,Dt as l,E as u,Et as d,F as f,Ft as p,G as m,Gt as ee,H as h,Ht as te,I as ne,It as re,J as ie,Jt as ae,K ... L4: `,` ... L25: `)}function Lr(e,t,n){let r=t.flatMap(e=>F(e,Math.max(1,n.columns-2)).map((e,t)=>`${t===0?`- `:` `}${e}`));return[n.colors.bold(e),...r].join(` L26: `)}function Rr(e,t){return e.length===0?t.colors.dim(`No parameters.`):Fr(e.map(e=>({title:e.name,description:e.description,meta:[e.type,e.required?`required`:`optional`]})),t,{emp... L27: Top actions ... L33: What to check next L34: `),z([`Status`,`Check`,`Action`],e.topActions.map(e=>[e.status,e.title,K(e.action,96)]))),Y(`Caveats`,e.caveats)}const ai=x({meta:{name:`agent-readiness`,description:`Check content... L35: `);return}process.stdout.write(`Deleted local OAuth tokens. ... L68: Control comparison L69: `),R([[`Control`,e.control.change.title],[`Adjusted clicks`,e.control.adjusted.clickDelta===null?`n/a`:U(e.control.adjusted.clickDelta)],[`Adjusted click %`,e.control.adjusted.clic... L70: `)}\n`}const jo=
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.jsView on unpkg · L2
dist/dist-PRmi6cXV.jsView file
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/dist-PRmi6cXV.jsView on unpkg · L2
2import { createRequire as __seoCreateRequire } from 'node:module'; const require = __seoCreateRequire(import.meta.url); L3: import{createRequire as e}from"node:module";import{Headers as t,fetch as n}from"undici";import{chmodSync as r,existsSync as i,mkdirSync as a,readFileSync as o,renameSync as s,rmSyn... L4: <html lang="en">
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/dist-PRmi6cXV.jsView on unpkg · L2

Findings

4 High5 Medium5 Low
HighChild Processdist/index.js
HighShell
HighSame File Env Network Executiondist/dist-PRmi6cXV.js
HighCommand Output Exfiltrationdist/dist-PRmi6cXV.js
MediumSecret Patterndist/package-B9-D646K.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings