Content Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent content automation, but it asks users to install unpinned third-party code and configure powerful social-media credentials for upload and scheduled posting workflows.

Review the MoneyPrinterV2 repository and dependencies before use, preferably in an isolated environment. Avoid main-account passwords when possible, use test or scoped accounts, keep secrets out of version control, and require manual review and explicit approval before any upload or scheduled post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares no permissions, yet its documentation instructs users to run shell commands for cloning a repository, installing dependencies, and executing scripts. This hidden capability expands the effective attack surface because an agent or user may perform code execution and external project setup without an explicit permission boundary or warning.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The stated purpose is content creation assistance, but the skill also guides environment validation, repository setup, dependency installation, and local configuration management for an external GitHub project. This mismatch can mislead users and orchestration systems about the real operational scope, causing execution of higher-risk actions than the description suggests.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
Although presented as a content-creation assistant, the documentation includes direct upload and scheduled posting scripts, which can perform account actions on external platforms. That makes the skill capable of publishing content rather than just drafting it, increasing the risk of unauthorized or unintended external actions.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill asks users to configure API keys, platform credentials, and client secret files even though its stated role is content assistance. Collecting and handling credentials materially raises the risk of credential exposure, misuse, or unauthorized account access, especially when combined with automation and posting features.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The documentation describes automated posting and upload-related configuration without a strong, explicit warning that the skill may use credentials and perform account actions. Users may reasonably believe they are only generating content, when in fact the setup enables actions on real social media or video accounts.

Credential Access

High
Category
Privilege Escalation
Content
},
  "youtube": {
    "enabled": false,
    "client_secrets_file": "client_secrets.json"
  },
  "affiliate": {
    "enabled": false,
Confidence
78% confidence
Finding
secrets.json

VirusTotal

66/66 vendors flagged this skill as clean.
