Back to skill

Security audit

X(Twitter) Post Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and not deceptive, but it can publish public X posts from a logged-in account without a final approval step.

Install only if you are comfortable with an agent using your logged-in X session to read content and publish posts. Before using it, require manual approval of the exact post text and destination account, consider a dedicated browser profile or test account, and periodically review or clear the memory logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description includes broad triggers like 'post to X', 'run X automation', and 'check trends for content creation', which can match common user requests and cause the skill to activate in situations where the user did not intend automated posting behavior. In this context, overbroad activation is more dangerous because the skill is capable of navigating a live social media account, generating persuasive content, and ultimately publishing it.

Missing User Warnings

High
Confidence
98% confidence
Finding
The workflow directs the agent to navigate to the compose screen, enter the selected text, and click 'Post' without requiring an explicit confirmation step immediately before publication. This is dangerous because the skill also instructs the model to generate bold, opinionated content based on ambient timeline sentiment, creating a realistic risk of unintended, harmful, or reputationally damaging posts being sent from the user's account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.