Social Intelligence

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed Xpoz social-intelligence integration, with the main risk being user handling of exported social-media data.

Install only if you are comfortable sending Xpoz queries, results, and authentication material to Xpoz's hosted service. Treat exported social-media datasets as personal data: minimize bulk exports, store CSVs securely, avoid redistributing them casually, and confirm your use complies with platform terms and applicable privacy rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly promotes exporting large social-media datasets without any accompanying guidance on privacy, lawful collection, retention, or downstream handling. In a social-intelligence and lead-generation context, this increases the risk that an agent or user will collect, store, and redistribute personal or sensitive data at scale without safeguards, creating privacy, compliance, and data-governance exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal