X Ads CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent read-only helper for X Ads reporting, but it can display sensitive ad account, billing, audience, and payment-method information.

Install only if you intend to use the referenced x-ads-cli package and trust its npm/GitHub provenance. Use least-privilege X Ads credentials, store credential files securely, and avoid printing or sharing raw billing, payment-method, audience, or conversion details unless needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly supports commands that enumerate funding instruments and billing data, but it does not warn the user that these operations may surface sensitive financial or payment-method information. In an agent setting, that omission can lead to unintentional disclosure of business-sensitive billing details to the model output or downstream logs, especially when a user asks broad exploratory questions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal