Back to skill

Security audit

Multi-Post

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed multi-platform posting tool, but it can publish live content through logged-in accounts without a built-in confirmation step.

Install only if you are comfortable letting the skill act through accounts already logged into Chrome. Before using it, specify exact target platforms and accounts, require a final preview, and tell the agent not to click any publish button until you explicitly approve each destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes very broad phrases such as '发帖', 'publish everywhere', and 'post to all platforms', which can match ordinary conversational requests and cause the skill to activate in situations the user did not intend. Because this skill performs real posting through authenticated browser sessions, accidental invocation can lead to unintended public publication across multiple accounts and platforms.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly relies on browser automation with 'profile="user"' and logged-in Chrome sessions, but it does not present a prominent warning or consent gate that posts will be made using the user's existing authenticated accounts. In this context, a mistaken or overly broad invocation can immediately produce real-world actions under the user's identity, creating account, privacy, reputational, and compliance risk across several platforms at once.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This flow explicitly instructs use of the browser tool with the user's logged-in profile to publish content directly to multiple public platforms, but it does not require an explicit confirmation that live posting will occur on real accounts. That creates a significant risk of unintended public posting, reputational harm, policy violations, and irreversible actions across several services in one run; the multi-platform context makes the danger greater because a single mistaken invocation can fan out broadly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.