X Single Tweet + Article

Security checks across malware telemetry and agentic risk

Overview

This paid X-fetching skill mostly matches its stated purpose, but it embeds a billing API key and can fetch or relay non-X URLs without clear limits.

Review before installing. Use it only for public X/Twitter URLs, assume URLs may be visible to third-party fetch services, and confirm you are comfortable with charge-first billing. The publisher should remove and rotate the embedded billing API key and add strict X/Twitter URL validation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 99% confidence
Finding: The script embeds a default billing API key directly in source code, causing sensitive credentials to be exposed to anyone with code access and potentially enabling unauthorized billing API use. Even though environment variables are supported, the hardcoded fallback makes credential compromise likely and can lead to fraudulent charges or account abuse.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script forwards arbitrary user-supplied URLs to third-party services such as r.jina.ai and also fetches them directly, which can leak sensitive URLs, query strings, tokens, or internal endpoints to external parties. Because there is no allowlist restricting inputs to x.com/twitter article targets, the code can be abused as a data exfiltration path or indirect SSRF-style fetch mechanism.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal