X/Twitter Prospecting

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed prospecting helper that searches public X results through Brave and drafts outreach without hidden account actions or persistence.

Install only if you are comfortable sending prospecting search terms to Brave Search and using your Brave API quota. Avoid entering confidential customer lists, internal campaign names, or sensitive business intelligence as keywords, and review generated outreach before using it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: User-supplied keywords are sent to Brave Search, an external third party, without any explicit runtime disclosure or consent mechanism. If operators enter sensitive lead lists, customer names, internal campaign terms, or proprietary intent signals, the skill can unintentionally exfiltrate business-sensitive query data outside the local trust boundary.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal