Back to skill

Security audit

X (Twitter) Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it publishes posts to X using user-provided X API credentials, with no hidden persistence or unrelated data access found.

Install only if you intend an agent to publish to your real X account. Use a test account or review every post before running the tweet/thread commands, keep the X API credentials scoped and private, and remember that public posts may be copied or archived even if later deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares access to sensitive environment variables but does not declare corresponding permissions, reducing transparency about what secrets it can read. This can mislead users and downstream policy engines into underestimating the skill's access to credentials, which is risky for a tool that can perform external actions on behalf of the user.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior exceeds the declared purpose: in addition to publishing tweets, the skill can post threads, reply to existing tweets, inspect account information during verification, and honor proxy settings. This mismatch undermines informed consent and can lead users to authorize a tool with broader capabilities than they intended, especially because replies and threads can create public content and proxies can redirect network traffic.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README gives direct publishing and threading commands but does not clearly warn that these actions create public posts on a live social-media account and may be difficult or impossible to fully undo once propagated. In an agent-skill context, that omission raises the risk of accidental real-world actions, especially if an automated caller treats the examples as safe to run without explicit user confirmation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes commands that publish tweets and replies but does not clearly warn that these actions are public, externally visible, and may be difficult or impossible to fully undo once sent. In an agent setting, missing this warning increases the chance of accidental posting of sensitive, harmful, or reputationally damaging content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.