Tweet Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed X/Twitter posting CLI integration, with real account-posting risk but no artifact-backed deception or unrelated behavior.

Install only if you are comfortable giving this CLI write access to your X account. Use a dedicated X app token with the minimum needed permissions, inspect the pinned GitHub release before installing, protect or rotate the credentials in ~/.config/tweet-cli/.env, and only enable scheduled posting when you have reviewed the exact content and cadence.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Credential Access

High

Category: Privilege Escalation
Content: mkdir -p ~/.config/tweet-cli touch ~/.config/tweet-cli/.env chmod 600 ~/.config/tweet-cli/.env cat > ~/.config/tweet-cli/.env << 'EOF' X_API_KEY=your_consumer_key X_API_SECRET=your_secret_key X_ACCESS_TOKEN=your_access_token
Confidence: 90% confidence
Finding: .env

Session Persistence

Medium

Category: Rogue Agent
Content: 2. Get API keys from https://developer.x.com/en/portal/dashboard (Free tier works) 3. Configure credentials (file is created with restricted permissions): ```bash mkdir -p ~/.config/tweet-cli touch ~/.config/tweet-cli/.env chmod 600 ~/.config/tweet-cli/.env cat > ~/.config/tweet-cli/.env << 'EOF'
Confidence: 92% confidence
Finding: mkdir -p ~/.config/tweet-cli touch ~/.config/tweet-cli/.env chmod 600 ~/.config/tweet-cli/.env cat > ~/.config/tweet-cli/.env << 'EOF' X_API_KEY=your_consumer_key X_API_SECRET=your_secret_key X_ACCESS

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal