Tootbot

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can publish real Mastodon posts and upload local media using an account token without strong confirmation safeguards.

Install only if you are comfortable giving the skill a Mastodon token that can post on your behalf. Before each run, confirm the exact text, media files, visibility, account, and scheduled time; avoid sensitive files or secrets, and prefer a least-privilege token you can revoke.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README instructs users to post arbitrary text and media to Mastodon but does not clearly warn that this action sends content to an external, potentially public service. In an agent-skill context, this increases the risk of accidental data exfiltration, unintended public posting, or disclosure of sensitive user content because operators may treat the skill as a harmless local formatting tool rather than a publishing action.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill description explains how to post content but does not prominently warn that actions may publish publicly to a real Mastodon account and upload media via stored credentials. In this context, missing consent language is dangerous because users may trigger irreversible public posting without understanding the visibility, account, or media-upload consequences.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal