Back to skill

Security audit

Postproxy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Postproxy API helper for managing real social media accounts, with powerful but purpose-aligned posting, messaging, deletion, queue, and webhook features.

Install only if you trust Postproxy with the connected social accounts and API key. Confirm every publish, DM, delete, queue change, and webhook destination before execution; prefer drafts or pausing queues when uncertain; keep API keys and webhook secrets out of chat logs, source control, and public endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation includes a destructive DELETE operation for queues without any warning about permanence, side effects, or the need for confirmation. In this skill context, deleting a queue can disrupt scheduled publishing and automation state, increasing the chance that an agent or user triggers irreversible operational damage by mistake.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.