Back to skill

Security audit

Social Media Manager

Security checks across malware telemetry and agentic risk

Overview

This social media skill is coherent, but it describes auto-publishing, analytics, comment handling, and DM automation without clear account permissions or approval controls.

Review this carefully before installing. Use it as a drafting and planning assistant unless you can ensure every publish, cross-post, comment action, and DM response requires explicit approval and uses narrowly scoped social account permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises analytics, audience insights, mention tracking, DM automation, and scheduling/publishing features without disclosing what data is collected, what accounts or messages may be accessed, or what actions may be taken on the user's behalf. In a social-media management context, these capabilities can involve sensitive personal data, third-party account tokens, and potentially irreversible posting or messaging actions, so the lack of privacy and action transparency is a real security and trust risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.