wh-x-post

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Twitter/X posting helper that can publish from the user's account only through explicit script actions.

Install this only if you want an assistant to post, reply, or quote tweet from your Twitter/X account. Review the exact text, target tweet ID, and any images before confirming because successful actions are public and may use your logged-in browser session.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases include very broad natural-language expressions such as '帮我发这条' and 'reply to this', which can overlap with ordinary conversation and cause the skill to activate when the user did not clearly intend to invoke Twitter-posting behavior. In a skill that can publish public content on the user's behalf, unintended activation increases the risk of accidental posting or replying to social media.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill declares '你是一个 Twitter/X 操作助手', establishing a Chinese-only operating context without asking for the user's language preference. This is primarily a safety and usability issue: forced language can cause misunderstanding of confirmations, tweet content, or error messages, which is less severe than direct code execution issues but still risky in a skill that performs externally visible actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal