Autopostonline Agents

Security checks across malware telemetry and agentic risk

Overview

This is a docs-only AutoPostOnline skill that clearly enables agent-driven social posting, so it is high-impact but disclosed and purpose-aligned rather than deceptive.

Install only if you intend to let an agent operate connected social channels through AutoPostOnline. Start in safe mode or with low-risk accounts, confirm the target integrations before posting, keep the API key in a secret manager or protected environment variable, and use autonomous mode only after defining allowed channels, topics, frequency, approval boundaries, and an emergency stop process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Missing User Warnings

Medium
Confidence: 81%
Finding
The README promotes autonomous publishing, media uploads, and recurring campaigns to live social accounts without prominently warning about irreversible posting, privacy leakage, reputational harm, or account misuse. In this context, agents may act on connected human-owned accounts, so missing safety guidance increases the likelihood of accidental harmful actions even if no direct exploit code is present.

Missing User Warnings

Medium
Confidence: 88%
Finding
The quickstart instructs users to set a production API URL and immediately query live integrations, but does not caution against using real production accounts or advise limiting blast radius. Because this skill is specifically designed for autonomous social publishing, users may connect real channels and enable actions that affect public-facing accounts before validating behavior safely.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation promotes autonomous social publishing using a single API key and emphasizes that agents can draft, schedule, publish, and analyze content, but it does not clearly warn that these actions can be irreversible and may affect real user accounts and brand reputation. In this context, an agent with the key can perform consequential external actions, so missing safety warnings and operational constraints materially increases the chance of misuse or accidental harmful posting.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation instructs agents to use an API key from environment variables and shows direct Authorization header usage, but it does not explicitly warn readers to protect the credential, avoid logging or exposing it, rotate it, or restrict where it is injected. Because the key appears to enable listing integrations and performing publishing actions, credential leakage could let an unauthorized party access connected channels and post content on behalf of the owner.

Missing User Warnings

Medium
Confidence: 90%
Finding
The quickstart instructs users to place an API key in environment variables and use it directly in shell commands, but it does not warn about protecting the credential from shell history, logs, screenshots, shared terminals, or accidental commits. Because this key authorizes an autonomous publishing agent, exposure could let an attacker enumerate integrations and potentially act through connected social accounts within the granted permissions.

Vague Triggers

Medium
Confidence: 85%
Finding
The skill is framed for broad autonomous social publishing use cases ('create drafts, upload media, schedule posts, publish...') without strong scoping constraints, approval gates, or explicit activation boundaries. In an agent ecosystem, this can cause over-invocation or misuse in ordinary content-related workflows, increasing the chance of unintended posting actions against connected external accounts.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly supports autonomous publishing to connected social channels but does not prominently foreground that this can perform real-world external actions, including posting publicly, scheduling content, and modifying account state. Because the context is a live social publishing tool, insufficient warning and gating materially increase the risk of reputational damage, misinformation publication, or unauthorized actions by an agent operating with an API key.

Vague Triggers

Medium
Confidence: 88%
Finding
The manifest explicitly markets the skill as "Autonomous social publishing infrastructure for AI agents," but does not define approval boundaries, trigger conditions, target accounts, or required human confirmation before posting. In a capability set that includes scheduling, publishing, and campaign workflows, this ambiguity can cause an agent to perform real-world outward actions without sufficient user awareness or control.

Missing User Warnings

Medium
Confidence: 93%
Finding
The manifest exposes high-risk actions such as upload_media, schedule_posts, publish_posts, and autonomous_campaign_workflows, yet provides no warning that these operations can be externally visible, hard to reverse, or damaging to brand reputation if misused. In this context, the combination of autonomous mode and direct publishing materially increases risk because an agent could post unintended, harmful, or policy-violating content to connected social accounts.

VirusTotal

64/64 vendors flagged this skill as clean.