the skill to browse X

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed browser-based helper for using X/Twitter, including account-changing actions, with no hidden code or persistence found.

Install only if you are comfortable letting an agent operate an X/Twitter browser session. Use a separate browser profile if possible, and require explicit approval before every public or account-changing action, including posts, replies, reposts, likes, and follows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The description is broad enough to activate for many generic social-media requests, including actions with real-world side effects on a user's X account. Because the skill supports both read-only and write operations, loose invocation criteria increase the risk of unintended account actions or over-selection when a safer/read-only skill would suffice.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill documents multiple state-changing actions—like, repost, reply, and follow—without requiring explicit confirmation or user-warning for each operation. In a browser-automation context, this can directly cause unintended social actions from the user's authenticated account, creating reputational, privacy, and operational risk if the assistant misinterprets intent or clicks the wrong control.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal