Back to skill

Security audit

X (Twitter) Publisher

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward X posting skill that uses live account credentials and posts publicly only when its documented commands are invoked.

Install only if you intend to let this skill post from the configured X account. Use a dedicated or test account where possible, keep the OAuth credentials scoped and rotated, and review tweet/thread text and media paths before running publish commands because there is no dry-run or confirmation step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares environment variable access to live X API credentials but does not declare corresponding permissions beyond the raw env list in metadata. That creates a governance and transparency gap: a user may not realize the skill can access account-linked secrets and perform authenticated actions on their behalf. In this context, undeclared capability is more dangerous because the skill can publish to a real public account.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented behavior exceeds the declared purpose: besides publishing tweets, it verifies credentials, retrieves account profile/statistics, and supports reply-chained thread posting. This mismatch weakens informed consent and can surprise operators with extra account data access and broader posting behavior than expected. In a social media publishing skill tied to live credentials, such hidden scope expansion increases risk.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This script adds a thread-posting capability that is broader than the skill metadata, which describes publishing individual tweets with optional media. Scope mismatch is a real security concern because users, policy engines, or reviewers may grant trust based on the declared capability set, while this file enables multi-post chained publishing that can amplify unintended or unauthorized outbound actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Telling operators to 'publish a test tweet' without a clear warning that this creates a real public post can cause unintended actions on the user's live X account. In a skill that performs external side effects, missing disclosure materially increases the chance of accidental public posting, reputational harm, or policy violations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The usage section lacks an explicit warning that tweet and thread commands perform irreversible public actions against a live X account. This can lead to accidental posting, reputational damage, or unintended disclosure if users test the skill with real credentials. The danger is elevated because the skill is designed to affect an external public platform immediately.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill performs a real tweet publication immediately once invoked, without an explicit pre-action confirmation step or dry-run safeguard. Because posting to X is an irreversible external side effect, accidental invocation, prompt/parameter manipulation, or misuse by a higher-level agent could cause unintended public posts from the user's account.

Credential Access

High
Category
Privilege Escalation
Content
---
name: X (Twitter) Publisher
description: Publish tweets to X (Twitter) using the official Tweepy library. Supports text-only tweets, tweets with images or videos, and returns detailed publish results including tweet ID and URL. Requires X API credentials (API Key, API Secret, Access Token, Access Token Secret).
env:
  - X_API_KEY
  - X_API_SECRET
Confidence
90% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
---
name: X (Twitter) Publisher
description: Publish tweets to X (Twitter) using the official Tweepy library. Supports text-only tweets, tweets with images or videos, and returns detailed publish results including tweet ID and URL. Requires X API credentials (API Key, API Secret, Access Token, Access Token Secret).
env:
  - X_API_KEY
  - X_API_SECRET
Confidence
90% confidence
Finding
Access Token

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.