X to Kindle

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it asks users to store an email app password in a plain TOOLS.md file, which deserves careful review.

Review before installing. Use a dedicated email account or protected secret storage instead of putting a Gmail app password in TOOLS.md, confirm the Kindle recipient before sending, and understand that tweet information will be fetched through fxtwitter and emailed through your SMTP provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill directs the agent to send tweet content and a user’s Kindle email address through third-party services (fxtwitter API and SMTP) without any privacy notice, consent check, or data-handling limitation. This creates a real privacy risk because user-linked content and destination email information are transmitted externally, and the skill context explicitly operationalizes that transfer.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The configuration instructs storing a Gmail app password in TOOLS.md, which is effectively documentation-based secret storage and risks credential exposure to the agent, logs, backups, version control, or other tools that can read workspace files. Exposed SMTP credentials could be abused to send email as the user, access connected mail workflows, or facilitate broader account compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal