Back to skill

Security audit

Google Social Media Finder

Security checks across malware telemetry and agentic risk

Overview

The skill’s basic social-profile lookup is understandable, but it also gives instructions for stealth multi-session scraping that users should review carefully.

Use this only for small, user-directed public lookups. Before installing, be aware that the skill includes guidance for stealth batching and rate-limit avoidance; avoid those parts unless you have clear authorization and a compliant data-access path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill explicitly recommends batch orchestration, avoiding anti-scraping limits, and using multiple stealth browser sessions with independent fingerprints to increase throughput. That materially expands the capability from a normal lookup tool into scalable scraping infrastructure and facilitates evasion of platform rate-limiting and abuse controls.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The documentation minimizes risk by claiming the skill is equivalent to manual browser use, yet elsewhere it recommends stealth sessions and throughput scaling to avoid rate limits. That contradiction is dangerous because it masks the true operational profile of the skill and can mislead reviewers or users into approving a tool that supports evasive automated scraping.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill can read from and append to a local memory file without clearly warning the user in the primary description. Even if the content is intended to exclude task outputs, unexpected situations may still reveal operational details, targets, or environmental information in local storage, creating a transparency and data-handling risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.