Security audit

多社交平台内容同步

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed social-media automation tool, but it can use account sessions to publish publicly, automate CAPTCHA/risk-control workflows, and run scheduled or batch posting without clear approval safeguards.

Review before installing. Use only accounts you control, assume cookie files are credentials, keep third-party CAPTCHA solving disabled unless you accept the data-sharing and platform-rule risks, avoid scheduled or batch mode until behavior is tested, and require manual review before public posting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration

Findings (17)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill documents capabilities that read local files and invoke shell commands, but it does not declare permissions or boundaries for those operations. That creates an authorization gap: users and hosting systems cannot accurately assess what the skill may access or execute, increasing the risk of over-privileged operation and unsafe command usage.

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The script advertises end-to-end fetching and distribution, but `_fetch_source_content()` returns hardcoded placeholder content and `_distribute_to_platform()` always logs success and returns `True` without actually publishing. This is dangerous because operators may rely on false success signals, causing silent data integrity failures, missed publications, and incorrect automation outcomes in production workflows.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README promotes automated cross-platform publishing and captcha handling but does not clearly warn that this workflow may expose account credentials, cookies, session tokens, post metadata, and content to multiple services and automation components. In this skill context, the omission matters because the tool explicitly coordinates logins and anti-bot interactions across several platforms, increasing privacy, account-lockout, and policy-violation risk for users who may not understand the consequences.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill automates cross-platform reposting and describes optional third-party CAPTCHA solving, which can transmit account/session-related content, screenshots, or challenge data to external services. Without clear warnings, consent, and data-handling limits, users may unknowingly expose private content, authentication artifacts, or platform interaction metadata to third parties.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation exposes automated publishing, batch distribution, and scheduling capabilities that can post to external platforms and affect connected user accounts, but it does not provide any safety warning, confirmation requirement, or guidance about the consequences of running these commands. In an agent-skill context, undocumented side effects increase the risk of unintended posting, account misuse, or reputational damage because a user or downstream agent may invoke the APIs as if they were low-risk content-processing operations.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The API docs describe account configuration fields, cookie storage, and SMS/captcha handling without flagging them as credential-sensitive or privacy-sensitive data flows. This is dangerous because operators may mishandle phone numbers, cookies, and login artifacts, and agent implementations may automate access to protected accounts or verification flows without adequate user awareness or secure storage practices.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The changelog explicitly advertises automated CAPTCHA handling, including slider, click, text, SMS, and third-party solving services, without any warning about platform-policy violations, account suspension, legal exposure, or user-consent requirements. In the context of a multi-platform auto-posting tool, this normalizes bypass of anti-abuse controls and increases the likelihood of misuse against platform defenses.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The file describes anti-detection behavior such as staggered posting to avoid risk controls and random delays to simulate human activity, but provides no warning that these tactics may violate platform rules or trigger enforcement. In this skill's context, those features are not neutral automation—they are framed as evasion of platform monitoring during cross-platform bulk distribution.

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 多平台内容自动分发 - Python 依赖 # 浏览器自动化 playwright>=1.40.0 # selenium>=4.15.0 # 可选，如需使用 Selenium # 图片处理
Confidence: 92% confidence
Finding: playwright>=1.40.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # selenium>=4.15.0 # 可选，如需使用 Selenium # 图片处理 Pillow>=10.0.0 # 配置解析 PyYAML>=6.0.1
Confidence: 97% confidence
Finding: Pillow>=10.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: Pillow>=10.0.0 # 配置解析 PyYAML>=6.0.1 # 验证码识别（可选） # easyocr>=1.7.0
Confidence: 96% confidence
Finding: PyYAML>=6.0.1

Unpinned Dependencies

Low

Category: Supply Chain
Content: # pytesseract>=0.3.10 # 其他工具 requests>=2.31.0 python-dateutil>=2.8.2 # 开发依赖（可选）
Confidence: 94% confidence
Finding: requests>=2.31.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 其他工具 requests>=2.31.0 python-dateutil>=2.8.2 # 开发依赖（可选） # pytest>=7.4.0
Confidence: 88% confidence
Finding: python-dateutil>=2.8.2

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical

Category: Supply Chain
Confidence: 93% confidence
Finding: Pillow

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical

Category: Supply Chain
Confidence: 95% confidence
Finding: PyYAML

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High

Category: Supply Chain
Confidence: 91% confidence
Finding: requests

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ```bash # 清除登录缓存 rm -rf data/cookies/* # 强制重新登录 python3 scripts/distribute.py --relogin
Confidence: 79% confidence
Finding: rm -rf data/cookies/

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal