X/Twitter Agent
Security checks across malware telemetry and agentic risk
Overview
This skill is purpose-built for X/Twitter automation, but it asks users to trust a missing command-line tool with posting-capable account credentials and includes broad autonomous posting schedules.
Install only if you intentionally want an agent to control an X/Twitter account. Obtain and review the actual xpost CLI before providing API keys, use least-privileged tokens, lock down keys.env permissions, require manual approval for public posts until tested, and avoid enabling cron jobs unless ongoing automated account activity is explicitly desired.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.