Back to skill

Security audit

PostKing · Social

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PostKing workflow guide for drafting, approving, and scheduling social posts, with no hidden code, install behavior, or evidence of unrelated data access.

Install only if you intend to let your agent operate PostKing social-post workflows. Before approving or scheduling posts, verify the platform, content, account/brand, and scheduled time yourself, especially for recurring weekly schedules or public posts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill describes direct approval and scheduling flows that publish content to external social platforms, but it does not require an explicit confirmation or warning at the point of action. In an agent context, this increases the risk of unintended or premature publication if the user’s intent, timing, platform selection, or post variant is misunderstood.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.