XReplyAI - Social Post Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed XreplyAI social posting integration, but users should treat publishing and media upload actions as live external actions.

Install only if you trust XreplyAI and intend to let your agent manage connected social accounts. Keep the XREPLY_TOKEN private, review generated content before publishing, prefer scheduling or drafts for important posts, and double-check media file paths because selected images or videos are uploaded outside the local environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill documents commands that can publish immediately to live X, LinkedIn, and Threads accounts without an explicit warning that the action is irreversible and affects external third-party services. In an agent setting, this increases the risk of accidental unauthorized or premature posting because a model or user may treat the example as a harmless local operation rather than a live side effect.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The media upload sections describe sending local files from disk to the remote XreplyAI service but do not explicitly warn that the contents of those files leave the local environment. In agentic environments with filesystem access, this omission can lead to unintended exfiltration of sensitive images or videos if a user or model supplies the wrong path.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal