Back to skill

Security audit

Tweet Monitor Pro

Security checks across malware telemetry and agentic risk

Overview

This tweet-scraping skill has a clear purpose, but its code can execute shell commands from unvalidated inputs and relies on unbundled external scraping components.

Avoid installing this skill until the command-execution issue and missing external scraper dependency are fixed. If you still test it, run it only in an isolated sandbox, do not pass untrusted URLs or usernames, and do not configure billing credentials unless you have verified the publisher and payment flow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.js:109