Back to skill

Security audit

X Voice Match

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for drafting X/Twitter posts, but it needs Review because it can closely mimic real accounts without consent or anti-impersonation safeguards.

Install only for your own account, an authorized brand or client account, or clearly disclosed parody or drafting. Do not use it to impersonate real people or third-party accounts, and be aware that analyzed samples and voice-profile details may be written to local files and displayed in logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to run local Python scripts, read and write files, and invoke shell commands, but it does not declare any permissions or constraints for those capabilities. This creates a transparency and policy gap: an orchestrator or user may trigger code execution and filesystem access without clear consent boundaries, increasing the risk of unintended command execution or data access if the scripts or inputs are unsafe.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description is broad enough to match many ordinary requests about writing posts or maintaining a voice, which can cause over-activation of a skill that performs external-account analysis and shell-backed operations. In context, that means users asking for innocuous writing help could unintentionally invoke account-style scraping or code-driven workflows they did not explicitly request.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is designed to analyze external social-media accounts and generate posts that mimic a person's voice, but it does not warn about privacy, consent, impersonation, or platform-policy concerns. That omission is dangerous because it can normalize analysis of third-party accounts and facilitate deceptive content generation without ensuring the user has authorization or understands the ethical and security implications.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guidance explicitly optimizes for posts that are 'indistinguishable' from a target user's real tweets and asks whether generated content 'could fool someone,' but it provides no warning, restriction, or safeguard against impersonation, deception, or non-consensual voice cloning. In the context of a skill whose purpose is to match a real Twitter/X user's posting style, this omission materially increases the risk of fraudulent or deceptive social-media content generation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script prints the full generated prompt, which includes account identifiers, inferred voice traits, signature phrases, and sample tweets, directly to stdout/stderr. In an agent setting, this can leak private or sensitive profiling data into logs, console history, orchestration traces, or other components without clear user notice or consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code writes analyzed voice-profile data to a predictable fixed path in /tmp without disclosure or safeguards. On multi-user systems this can expose sensitive profiling data, and a fixed temporary filename also creates race-condition, overwrite, and symlink risks.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
# Build prompt
    prompt = build_generation_prompt(profile, args.topic, args.type)
    
    # Output prompt (for Dale to use)
    print("\n" + "="*80)
    print("GENERATION PROMPT FOR LLM:")
    print("="*80)
Confidence
98% confidence
Finding
Output prompt

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.