Security audit

X Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it needs raw X session credentials and passes them to a third-party CLI (bird) whose provenance is not verified, and it also sends bookmark URLs and content to external services (Jina and MiniMax).

Install only if you trust the bird CLI and understand that X bookmark URLs/content may be stored locally and sent to Jina or MiniMax. Use dedicated/revocable X credentials if possible, verify the CLI source, leave MINIMAX_API_KEY unset for local-only enrichment without AI summaries, and back up the Obsidian vault before batch runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Tainted flow: 'MINIMAX_ENDPOINT' from os.getenv (line 16, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
}

    try:
        response = requests.post(MINIMAX_ENDPOINT, headers=headers, json=data, timeout=45)
        if response.status_code >= 400:
            print(f"❌ MiniMax API error {response.status_code}: {response.text[:300]}")
            return None
Confidence
93% confidence
Finding
response = requests.post(MINIMAX_ENDPOINT, headers=headers, json=data, timeout=45)
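The risk in this flow is that MINIMAX_ENDPOINT is taken from the environment and used as-is, so whoever controls the environment (a malicious .env, a poisoned shell profile, another skill) can point the request, together with whatever Authorization header travels with it, at a host they control. The following is an added example of how the endpoint could be validated before any requests.post call; it is not the skill's own code. The allowlisted host api.minimax.chat, the function names and the header names are assumptions for illustration.

```python
import os
from urllib.parse import urlparse

# Hosts the summarisation step is allowed to call. Assumption for this
# example: api.minimax.chat stands in for the provider's real API host;
# replace it with the host your deployment actually uses.
ALLOWED_MINIMAX_HOSTS = frozenset({"api.minimax.chat"})


class UnsafeEndpoint(ValueError):
    """Raised when an environment-supplied endpoint fails validation."""


def validate_endpoint(url, allowed_hosts=ALLOWED_MINIMAX_HOSTS):
    """Return `url` unchanged if it is https:// and its host is allowlisted.

    Rejects plain http, embedded userinfo (https://x@host/...), and any host
    not in `allowed_hosts`, including look-alikes such as
    api.minimax.chat.attacker.example. A poisoned MINIMAX_ENDPOINT therefore
    cannot redirect the request (and its bearer key) to an attacker host.
    """
    parts = urlparse(url)
    if parts.scheme != "https":
        raise UnsafeEndpoint(f"endpoint must use https, got {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeEndpoint("endpoint must not embed credentials")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise UnsafeEndpoint(f"endpoint host {host!r} is not on the allowlist")
    return url


def resolve_minimax_config(env=None):
    """Read MINIMAX_API_KEY and MINIMAX_ENDPOINT from `env` (os.environ by default).

    Returns (endpoint, api_key), or (None, None) when the key is unset so the
    caller can fall back to local-only enrichment with no network call at all.
    A set key with a missing or invalid endpoint raises instead of posting
    to an unvetted address.
    """
    env = os.environ if env is None else env
    api_key = env.get("MINIMAX_API_KEY")
    if not api_key:
        return None, None
    endpoint = env.get("MINIMAX_ENDPOINT")
    if not endpoint:
        raise UnsafeEndpoint("MINIMAX_API_KEY is set but MINIMAX_ENDPOINT is missing")
    return validate_endpoint(endpoint), api_key


def redact_for_log(headers):
    """Copy of `headers` that is safe to print: secret-bearing values masked.

    Assumed header names: Authorization and anything ending in '-key'.
    """
    return {
        k: "***" if k.lower() == "authorization" or k.lower().endswith("-key") else v
        for k, v in headers.items()
    }


if __name__ == "__main__":
    endpoint, key = resolve_minimax_config()
    if endpoint is None:
        print("MINIMAX_API_KEY unset: running in local-only mode, nothing is posted")
    else:
        headers = {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
        print("would POST to", endpoint, "with headers", redact_for_log(headers))
```

With this in place the flagged requests.post call would receive only an endpoint that has already passed validate_endpoint, and a deployment that leaves MINIMAX_API_KEY unset never builds a request at all.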

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly states that X bookmarks are fetched and stored locally under persistent directories, but it does not warn users that bookmark content may include sensitive personal interests, private research topics, or account-linked metadata that will remain on disk. In a skill centered on collecting and enriching personal bookmarks, lack of privacy and retention disclosure increases the risk of unintentional data exposure through backups, shared vaults, or local compromise.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill states it will fetch bookmark content, full articles, and generate AI summaries using third-party services, but it does not clearly warn users that bookmark text, URLs, and potentially sensitive reading habits may be transmitted externally. This creates privacy and data-governance risk because personal content and metadata could be disclosed to Jina AI, MiniMax, and other providers without informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill automatically writes Markdown notes into the user's Obsidian vault and updates trend-tracking data, but the description does not clearly warn that local files will be created and modified over time. This is dangerous because automated writes can overwrite, clutter, or persist sensitive behavioral data in the vault without the user's fully informed approval.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits bookmark URLs to the external service r.jina.ai without any explicit consent, warning, or privacy controls. Bookmark lists can reveal reading habits, interests, internal references, or sensitive links, so silent exfiltration of those URLs to a third party creates a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The tool sends bookmark titles and content to an external AI service for summarization without any explicit consent, warning, or data-sharing notice at the point of use. Bookmarks can contain sensitive notes, private URLs, or proprietary material, so silent transmission to a third party creates a confidentiality risk even if the API itself is legitimate. In this skill context, the data is user-curated knowledge content, making privacy exposure particularly relevant.
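Both of the last two findings (URLs handed to r.jina.ai, titles and content handed to the summarisation service) come down to the same missing control: nothing decides, per bookmark, whether it may leave the machine. The following is an added example of such a gate, written for this audit and not taken from the skill. It requires an explicit opt-in, holds back anything that points at loopback, private, link-local or intranet hosts (the "internal references" the finding mentions), and deduplicates before sending. The intranet suffix list and the function names are assumptions; no DNS resolution is attempted, so a public-looking name that resolves internally would still need a resolver-side check.

```python
import ipaddress
from urllib.parse import urlparse

# Hostname suffixes treated as internal and never handed to a third party.
# Assumption for this example; extend with your own intranet domains.
INTERNAL_SUFFIXES = (".local", ".localhost", ".internal", ".corp", ".lan")


def is_internal_url(url):
    """True if `url` must stay local: non-web scheme, loopback/private/link-local
    address literal, or a hostname that marks it as intranet."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return True                      # file://, ftp://, obsidian:// etc.
    host = (parts.hostname or "").lower()
    if not host or host == "localhost" or host.endswith(INTERNAL_SUFFIXES):
        return True
    try:
        ip = ipaddress.ip_address(host)  # handles both 10.0.0.5 and [::1]
    except ValueError:
        return False                     # a DNS name; not resolved here
    return not ip.is_global              # private, loopback, link-local, CGNAT


def partition_for_upload(urls, opt_in):
    """Split bookmark URLs into (send, keep_local).

    Without explicit opt-in nothing is sent. With opt-in, internal URLs are
    still held back and duplicates are sent only once.
    """
    if not opt_in:
        return [], list(urls)
    send, keep_local, seen = [], [], set()
    for url in urls:
        if url in seen:
            continue
        seen.add(url)
        (keep_local if is_internal_url(url) else send).append(url)
    return send, keep_local


if __name__ == "__main__":
    # Constructed sample bookmarks, not real user data.
    sample = [
        "https://example.com/article",
        "http://10.0.0.5/wiki/runbook",
        "https://wiki.corp/page",
        "http://[::1]:8080/dev",
        "https://example.com/article",
    ]
    send, local = partition_for_upload(sample, opt_in=True)
    print("would send to r.jina.ai / summariser:", send)
    print("kept local:", local)
```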

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The tool edits bookmark files in place by appending summaries and related links without requiring confirmation or creating backups. This can unexpectedly alter user data, damage formatting, or propagate bad AI-generated content across the knowledge base. In a personal knowledge management workflow, integrity of notes matters, so silent destructive updates are a real safety issue.
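The overview's advice to back up the vault before batch runs can be built into the writer itself. The following is an added example, not the skill's code, of how an enrichment block could be appended to a note safely: a timestamped copy of the original is kept, the new content is written to a temporary file and swapped in with os.replace so a crash never leaves a half-written note, and a marker makes the operation idempotent so repeated runs do not pile up duplicate summaries. The marker text, directory layout and function names are assumptions.

```python
import os
import shutil
import tempfile
import time
from pathlib import Path

# Assumed marker; its presence means the note has already been enriched.
ENRICHMENT_MARKER = "<!-- kb-enrichment -->"


def append_enrichment(note, block, backup_dir):
    """Append `block` under ENRICHMENT_MARKER at the end of `note`.

    Keeps a timestamped backup of the original in `backup_dir`, writes via a
    temp file in the same directory and os.replace() for atomicity, and
    returns False without touching anything if the note already carries an
    enrichment block.
    """
    note = Path(note)
    original = note.read_text(encoding="utf-8")
    if ENRICHMENT_MARKER in original:
        return False

    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    shutil.copy2(note, backup_dir / f"{note.name}.{time.time_ns()}.bak")

    new_text = original.rstrip("\n") + f"\n\n{ENRICHMENT_MARKER}\n{block.strip()}\n"
    fd, tmp = tempfile.mkstemp(dir=note.parent, prefix=f".{note.name}.", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(new_text)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, note)            # atomic on POSIX and Windows
    except BaseException:
        try:
            os.unlink(tmp)               # leave no stray temp file behind
        except FileNotFoundError:
            pass
        raise
    return True


def demo():
    """Run the helper against a throwaway vault and return what happened."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        note = root / "vault" / "bookmark.md"
        note.parent.mkdir()
        # Constructed sample note, not real user data.
        original = "# A bookmark\n\nhttps://example.com/article\n"
        note.write_text(original, encoding="utf-8")
        backups = root / "backups"
        first = append_enrichment(note, "Summary: constructed sample text", backups)
        second = append_enrichment(note, "Summary: would duplicate", backups)
        return {
            "first_write": first,
            "second_write": second,
            "note_text": note.read_text(encoding="utf-8"),
            "backup_count": len(list(backups.iterdir())),
            "backup_matches_original": all(
                p.read_text(encoding="utf-8") == original for p in backups.iterdir()
            ),
            "stray_temp_files": [p.name for p in note.parent.iterdir() if p.suffix == ".tmp"],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The backup directory should live outside the vault (or be excluded from vault sync) so the copies do not themselves get indexed or synced as notes.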

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.