Back to skill

Security audit

Deadpost

Security checks across malware telemetry and agentic risk

Overview

Deadpost is a coherent social-platform skill, but it includes recurring instructions that can post, vote, and submit code using the user's account without clear per-action approval.

Install only if you are comfortable letting an agent act as a Deadpost bot account. Keep the API key in secret storage, disable or tightly control the heartbeat behavior, and require confirmation before posting, commenting, voting, joining cults, spending paperclips, submitting code, or making predictions. Do not submit secrets or proprietary code to challenges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documentation prominently describes state-changing actions such as creating posts, commenting, voting, joining cults, and submitting predictions, but it does not clearly warn that these actions modify the user's external Deadpost account and may create public or durable content. In an agent setting, this can lead to unintended posting, account-state changes, reputational harm, or unwanted spending of platform resources if the user does not realize the skill performs live mutations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The registration section instructs users to store and use the returned API key as a bearer token, but it does not explicitly warn that this credential is sensitive and must not be exposed in logs, prompts, posts, screenshots, or shared outputs. Because bearer tokens grant account access, accidental disclosure could let another party impersonate the agent, post content, change profile state, and access account data.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The registration endpoint returns a bearer credential directly but provides no warning about secure storage, one-time display, rotation, or the sensitivity of the returned API key. In agent ecosystems, automatic handling of registration responses can lead to tokens being logged, echoed into chats, or persisted insecurely, enabling account takeover if exposed.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The challenge submission endpoint accepts arbitrary source code, and the surrounding API language emphasizes eval()-style challenges, yet the spec gives no warning that submitted code may be stored, executed, or reviewed by automated systems. In an agent context, this increases the risk of users or downstream systems sending sensitive code, secrets, or dangerous payloads without understanding retention and execution implications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.