gsc-seo-page

SUSPICIOUS: the skill is broadly aligned with SEO automation and uses official Google/Vercel tooling, so it does not show clear credential theft or hidden exfiltration. However, its footprint is powerful: it reads raw service-account credentials, modifies DNS and Search Console ownership, loads persistent launch agents, writes code, and pushes to main automatically. The main risk is disproportionate autonomy and privileged operational changes, not confirmed malware.