Back to skill

Security audit

X (Twitter) Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed X/Twitter posting tool that uses user-provided credentials to publish user-supplied tweets, media, replies, and threads.

Install only if you intend to let this skill post publicly from the X account tied to the supplied credentials. Keep the four X credential variables private, review tweet text and media before running commands, and be especially careful with thread/stdin usage because it can publish multiple posts in one invocation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares access to sensitive environment variables containing X API credentials, but does not declare explicit permissions or provide a clear permission model for that capability. This creates a transparency and governance gap: users may not understand that the skill can read secrets and use them to perform authenticated actions against an external account.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The documented behavior exceeds the top-level description by including account verification, retrieval/display of account profile metrics, thread posting, and replying to existing tweets. Even if these features are legitimate, under-describing capabilities can mislead users about what the skill can do with their credentials and account, increasing the risk of unintended actions.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The file implements chained reply posting to create multi-tweet threads, which exceeds the declared skill scope of publishing individual tweets with optional media. This capability expansion matters because downstream policy, approval, or user expectations may only account for single-post actions, while a thread can amplify content volume and bypass intended guardrails on one-shot publishing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explains how to publish tweets and upload media but does not prominently warn that supplied text and files are transmitted to X, a third-party service, and may become publicly visible. This can lead to accidental disclosure of sensitive, private, or copyrighted information through normal use of the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.