Security audit

Social Media Engine

Security checks across malware telemetry and agentic risk

Overview

This skill matches its social-media automation purpose, but it can use live credentials to queue or publish real posts while its safety claims and examples do not consistently make that clear.

Install only if you are comfortable giving this skill posting authority for connected Buffer or Postiz accounts. Use a dedicated .env containing only the intended social-media API keys, prefer --draft for first runs, verify the exact account/channel/time before execution, and require a final human confirmation before anything is queued, scheduled, or published.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium, 81% confidence
Finding
The trigger for content planning is broad enough to activate on common conversational requests such as general planning or posting advice. In an agent environment, overly broad triggers can cause the skill to engage unexpectedly and steer the model into workflows that gather business context or prepare content without sufficiently explicit user intent.

Vague Triggers

Medium, 84% confidence
Finding
The post-creation trigger uses very broad natural language that could match ordinary writing help requests, causing the skill to activate outside the user's intended scope. That increases the chance of unrequested content generation and, when combined with scheduling features, could lead to accidental progression toward external actions.

Vague Triggers

Low, 72% confidence
Finding
The scheduling trigger is ambiguous because it can activate on a user approving drafts or loosely asking to schedule content, without strong boundaries around which content, account, platform, or timing is authorized. In an automation context, ambiguity around action-taking is risky because it can lead to unintended external operations.

Missing User Warnings

Medium, 92% confidence
Finding
The skill states that it reads local .env credentials and sends content to Buffer or Postiz, but the instructions do not provide a prominent user-facing warning at the point of use. This weakens informed consent and can cause users to expose API-backed actions or transmit data to third-party services without a clear understanding of what local secrets are accessed and where content is sent.

Missing User Warnings

Medium, 92% confidence
Finding
The guide tells users to place a live Buffer API key in an environment variable or .env file but provides no warning that the credential is sensitive, should not be committed, and grants posting access to connected social accounts. In the context of an agent skill with filesystem access and network posting capability, weak secret-handling guidance increases the risk of credential leakage and unauthorized posting.

Missing User Warnings

Medium, 87% confidence
Finding
The examples show commands for immediate publishing and scheduling without a prominent warning that they can post to live social channels, potentially causing accidental publication, brand damage, or policy violations. Because this skill is specifically designed to automate social posting, omission of a clear safety warning is more dangerous than in a generic API reference.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.