Back to skill

Security audit

X Hot Topics

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Twitter trend/search skill, but it under-discloses external API use and may send user-derived topics to X/Twitter more broadly than users would expect.

Review before installing. Only use it if you are comfortable with your topics or interests being sent to X/Twitter through configured credentials, and prefer explicit X/Twitter-related prompts over broad trend or public-opinion requests. The evidence does not support a malicious verdict, and VirusTotal is clean, but the disclosure and scoping gaps are enough for Review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires environment-based X/Twitter API credentials and external access, but the manifest shown in the skill does not declare corresponding permissions or provide explicit capability disclosure. This creates a transparency and policy-enforcement gap: users and the platform may not realize that user-derived queries are sent to a third-party service using stored credentials.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially differs from the claimed purpose: it presents itself as analyzing interests and summarizing hot topics, but the described execution is a keyword-based recent tweet search that depends on undeclared external API access and returns raw tweet data. Description-behavior mismatches are dangerous because they defeat informed consent, can bypass expected review boundaries, and may cause the agent to invoke a skill under assumptions that are not true.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation scope is broad enough to trigger on common requests about trends or public opinion without clear constraints or confirmation, increasing the chance that ordinary user messages are converted into external API searches. In this context, that matters because the skill transmits user-derived interests/topics to X/Twitter and may do so unexpectedly.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill lacks a clear user-facing warning that it sends user-derived queries to the X/Twitter API using configured credentials. Without notice or consent, users may reveal sensitive interests, topics, or entities that are then shared with a third party, creating privacy and trust risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.