Security audit

x-intelligence-automation-aisa

Security checks across malware telemetry and agentic risk

Overview

This Twitter/X automation skill is mostly disclosed and purpose-aligned, but it can perform live public account actions and prints the raw AISA API key in command output.

Install only if you trust the AISA relay with your API key, post text, engagement targets, and uploaded media. Avoid running the OAuth client in logged environments until the raw API-key output is fixed, and require explicit user confirmation in your workflow before posting, liking, following, or unfollowing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium, 92% confidence
Finding
The skill explains the media flow internally, but it does not clearly warn the user at decision time that local attachment files will be transmitted to the AISA relay and then onward to X/Twitter. This creates a meaningful privacy and data-handling risk because users may assume attached files are only used locally or sent directly to Twitter, especially for sensitive images or videos.

Missing User Warnings

Medium, 94% confidence
Finding
This client performs real external state-changing actions against Twitter relay endpoints (like, unlike, follow, unfollow) immediately after argument parsing, with no built-in confirmation, dry-run safeguard, or explicit user-consent gate. In an agent skill context, that is dangerous because ambiguous prompts, prompt injection, or mistaken entity resolution can cause unintended engagement actions on behalf of the user’s account.

Missing User Warnings

Medium, 99% confidence
Finding
The authorize command includes the raw AISA API key in JSON output, which can leak credentials into terminal scrollback, shell history capture tools, logs, CI output, or calling processes. Because this key is used as a bearer token for the relay service, disclosure could allow unauthorized use of the linked Twitter relay account and related API actions.

Missing User Warnings

Medium, 99% confidence
Finding
The post flow returns the AISA API key in command output, including failure cases, creating a direct credential disclosure channel. In skill/agent contexts, command output is often captured, relayed, or stored by orchestration systems, which makes secret exfiltration significantly more dangerous than a purely local CLI.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.