Social Media Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local social media metrics analyzer with broad activation wording but no evidence of hidden access, data exfiltration, persistence, or account control.

Reasonable to install for analyzing exported or manually provided social media campaign data. Be aware that the skill has some broad trigger phrases, so it may activate for general marketing analytics requests; provide only campaign metrics you are comfortable processing in the agent environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest includes generic triggers like "campaign performance" and "compare platforms" without contextual constraints. These phrases are broad enough to match ordinary discussion in analytics or marketing contexts, which could cause unintended invocation of the skill.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Phrases like "Social media audit" and especially "What's performing?" are natural, everyday requests that could apply to many other skills or general chat. The file does not provide exclusion conditions or tighter contextual boundaries for these activations.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal