Back to skill

Security audit

X导师.skill - X/Twitter运营导师

Security checks across malware telemetry and agentic risk

Overview

This is a text-only X/Twitter writing and growth advisor, with some broad activation wording but no code, credentials, persistence, or account-control behavior.

Install this only if you want an X/Twitter-focused content advisor. Review generated posts before publishing, avoid sharing account credentials or private analytics exports, and be aware it may activate on some broad tweet or follower-growth requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger phrases are extremely broad and include common conversational terms like 'tweet', 'write a tweet', and 'grow on X', which can cause the skill to activate in many benign contexts where the user did not intend to invoke it. Over-broad activation can override user intent, route unrelated prompts into the skill, and create prompt-selection hijacking or undesired instruction precedence in a larger agent system.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill hard-codes output language based on inferred content language instead of user preference, which can lead to incorrect or undesired responses and reduce user control. In multi-skill or multilingual environments, this kind of forced behavior can also cause instruction conflicts and reliability issues when the user's requested output language differs from the detected input language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.