Back to skill

Security audit

Social Video Analytics Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for social analytics and competitor benchmarking, with a privacy disclosure gap but no evidence of hidden or malicious behavior.

Before installing, confirm what account, competitor, or social analytics data the skill sends to its external service, what authorization it requires, and whether that data handling is acceptable for your organization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill promotes competitor benchmarking and links to an external analytics service, but it does not clearly warn users that competitor/account data may be accessed, processed, or sent to a third party. This can mislead users about data handling expectations and create privacy/compliance risk, especially for business social account analytics.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.