social-media-manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent social media planning skill with a local calendar helper and no evidence of hidden account access, networking, persistence, or destructive behavior.

Reasonable to install for social media strategy and calendar planning. Keep marketing-context.md limited to brand and audience guidance you intend the skill to use, and run the Python calendar helper only with config files you chose.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The invocation text is broad enough to trigger on common marketing conversations such as generic platform selection, follower growth, or social planning, which can cause the agent to invoke this skill outside its narrow intended use. This is not a code-execution or data-exfiltration issue, but it can lead to misrouting, reduced reliability, and unintended handling of user requests that should go to other skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal