Buffer Social Media

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Buffer social-posting skill, but it can publish or schedule real posts through an API key without a built-in confirmation step.

Install only if you want an agent or CLI to operate your Buffer account. Before using it, require the assistant to show the exact text, target profile ID, and timing, prefer draft or queue workflows for review-sensitive content, avoid --all unless intentional, and keep BUFFER_API_KEY out of repositories, logs, screenshots, and shared environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The README promotes immediate and scheduled posting to social media accounts without clearly warning that commands can cause live, public-facing changes. In an agent-skill context, this increases the chance of accidental or misunderstood use, especially when an AI assistant may trigger posting actions on behalf of the user.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README instructs users to configure a Buffer API key but does not clearly warn that this credential grants access to external account operations and that post content and related account data will be transmitted to Buffer's API. Missing credential-handling guidance can lead to unsafe storage, accidental disclosure, or underinformed consent about third-party data transfer.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill enables actions that can publish, schedule, or queue content to external social media accounts, but the documentation does not clearly warn users that these commands affect connected third-party profiles. In an agent setting, this omission increases the risk of unintended outbound actions, reputational harm, or accidental posting to production accounts because users may treat the command as low-risk content management rather than live account interaction.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill is explicitly designed to publish and schedule content to third-party social media accounts, including bulk posting via `--all`, but it does not require or prominently warn about user confirmation before external publication. In an agent setting, this increases the risk of accidental or unauthorized posting to live accounts, which can cause reputational and operational harm.

Missing User Warnings

Severity: Low
Confidence: 85%
Finding
The document discusses storing and using a Buffer API key in `.env` or config but does not include clear security guidance about protecting credentials, avoiding logs, and preventing accidental commits. This omission can lead to credential leakage and unauthorized use of connected Buffer accounts.
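What the missing guidance would look like in practice, as an added example (this is not code from the Buffer skill or from Buffer): the key is read only from the environment, it is masked before it can reach a log line, and text about to be committed is scanned for the live value, for a hard-coded `BUFFER_API_KEY=` assignment, or for a staged `.env`. The in-memory `SAMPLE_STAGED` dictionary stands in for the output of `git diff --cached` and is constructed for the example; the key value in it is made up.

```python
"""Credential hygiene for BUFFER_API_KEY: env-only loading, log redaction, commit scan.

Added example, not part of the Buffer skill. The staged-file dictionary below is a
constructed stand-in for what a pre-commit hook would read from `git diff --cached`.
"""
import logging
import os
import re

ENV_VAR = "BUFFER_API_KEY"
MASK = "[REDACTED]"
# A hard-coded assignment such as BUFFER_API_KEY=abc... or BUFFER_API_KEY: "abc..." in any
# committed text. os.environ["BUFFER_API_KEY"] does not match because no '=' or ':' follows.
ASSIGN_RE = re.compile(r"""BUFFER_API_KEY\s*[=:]\s*["']?([A-Za-z0-9_\-]{8,})""")


def load_key(env=None) -> str:
    """Read the key from the process environment only; never from argv or a tracked file."""
    env = os.environ if env is None else env
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set; export it or put it in a git-ignored .env")
    return key


def scrub(secret: str, text: str) -> str:
    """Replace every occurrence of the live key value with a mask."""
    return text.replace(secret, MASK) if secret else text


class RedactSecret(logging.Filter):
    """Masks the key wherever it appears in a log record, including %-formatted arguments."""

    def __init__(self, secret: str):
        super().__init__()
        self.secret = secret

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message first so a key passed as an argument is masked too.
        record.msg = scrub(self.secret, record.getMessage())
        record.args = ()
        return True


def make_logger(secret: str, name: str = "buffer-skill") -> logging.Logger:
    """Logger whose output can never contain the key, whatever the call site does."""
    logger = logging.getLogger(name)
    logger.addFilter(RedactSecret(secret))
    return logger


def find_leaks(staged: dict, secret: str) -> list:
    """Pre-commit check over path -> content. Returns one message per offending file."""
    issues = []
    for path, content in staged.items():
        if os.path.basename(path) == ".env":
            issues.append(f"{path}: .env is staged; add it to .gitignore instead")
        elif secret and secret in content:
            issues.append(f"{path}: contains the live {ENV_VAR} value")
        elif ASSIGN_RE.search(content):
            issues.append(f"{path}: hard-coded {ENV_VAR} assignment")
    return issues


# Constructed sample of staged files; the key value is invented for this example.
FAKE_KEY = "abc123def456ghi"
SAMPLE_STAGED = {
    "skill.py": 'import os\nKEY = os.environ["BUFFER_API_KEY"]\n',       # fine
    "notes.md": "run it with BUFFER_API_KEY=xxxxxxxxxxxxxxxx buffer post\n",  # hard-coded
    ".env": f"BUFFER_API_KEY={FAKE_KEY}\n",                               # must stay untracked
    "debug.log": f"POST /updates Authorization: Bearer {FAKE_KEY}\n",     # live value leaked
}

if __name__ == "__main__":
    log = make_logger(FAKE_KEY)
    log.warning("request failed with key %s", FAKE_KEY)  # key never reaches the handler
    for issue in find_leaks(SAMPLE_STAGED, FAKE_KEY):
        print("BLOCKED:", issue)
```

Wire `find_leaks` into a pre-commit hook and fail the commit when it returns anything; attach `RedactSecret` to the skill's logger before the first API call, not after debugging starts.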

Natural-Language Policy Violations

Severity: High
Confidence: 98%
Finding
The note stating there is 'no need to ask for permission' directly discourages confirmation before taking actions. In this skill's context, those actions include posting content externally and using stored credentials, so the instruction materially increases the chance of unauthorized actions on real social accounts.
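The Overview's checklist (show the exact text, target profile ID and timing; treat --all as deliberate) and this finding come down to one control: the agent must not reach the publish path until the user has approved the exact request. The added example below is not code from the Buffer skill or from Buffer's API; the network call is an injected `publish` callable so it runs offline, and `PostRequest` with its field names is an assumption made for the example. The approval token is a hash of the rendered preview, so approval given for one wording, target list or time cannot be reused after the agent changes any of them.

```python
"""Confirmation gate for an agent-driven posting skill (added example, not the skill's code)."""
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Optional, Tuple
import hashlib


@dataclass(frozen=True)
class PostRequest:
    """Exactly what the user must see before anything leaves the machine."""
    text: str
    profile_ids: Tuple[str, ...]       # explicit targets; empty means nothing selected
    scheduled_at: Optional[datetime]   # None means immediate publish
    all_profiles: bool = False         # the skill's --all; only set when the user asked for it


def preview(req: PostRequest) -> str:
    """Human-readable rendering of the real action, not a summary the agent wrote."""
    when = "NOW (immediate publish)" if req.scheduled_at is None else req.scheduled_at.isoformat()
    targets = "ALL CONNECTED PROFILES (--all)" if req.all_profiles else ", ".join(req.profile_ids) or "(none)"
    return f"Text:\n{req.text}\nProfiles: {targets}\nWhen: {when}"


def approval_token(req: PostRequest) -> str:
    """Short token bound to the preview; any edit to the request yields a different token."""
    return hashlib.sha256(preview(req).encode("utf-8")).hexdigest()[:12]


def guarded_publish(req: PostRequest, approval: str, publish: Callable[[PostRequest], object],
                    *, allow_all: bool = False) -> dict:
    """Call `publish` only for a request the user approved by echoing its token.

    `allow_all` must come from a flag the user typed, never from the agent's own reasoning.
    Returns a status dict the agent can relay instead of raising, so the model is told what
    to ask the user rather than being left to improvise.
    """
    if req.all_profiles and not allow_all:
        return {"status": "refused", "reason": "--all fan-out needs an explicit user flag"}
    if not req.all_profiles and not req.profile_ids:
        return {"status": "refused", "reason": "no target profile id given"}
    expected = approval_token(req)
    if approval != expected:
        return {"status": "needs_confirmation", "preview": preview(req), "token": expected}
    return {"status": "published", "result": publish(req)}


if __name__ == "__main__":
    sent = []

    def fake_publish(req: PostRequest) -> str:   # stand-in for the real API call
        sent.append(req)
        return "queued"

    req = PostRequest("Launch day!", ("profile_123",), None)
    step1 = guarded_publish(req, "", fake_publish)        # agent tries without approval
    print(step1["status"], "\n" + step1["preview"], "\ntoken:", step1["token"])
    step2 = guarded_publish(req, step1["token"], fake_publish)  # user echoed the token
    print(step2["status"], len(sent), "post(s) sent")
```

The skill's "no need to ask for permission" note is the opposite of this: with the gate in place, the only way to publish is to have shown the user the preview and received the token back.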

Ssd 1

Severity: Medium
Confidence: 96%
Finding
The statement that Rose should fix issues autonomously grants broad authority without defined safety boundaries or approval requirements. Because the skill can transmit content to external services and use account credentials, this autonomy can lead to unintended posts, account misuse, or unsafe changes being made without user consent.

VirusTotal

0 of 64 engines flagged this skill; all 64 reported it clean. Antivirus verdicts cover file-level malware only and say nothing about the natural-language and confirmation findings above.
