Back to skill

Security audit

bluesky-skill

Security checks across malware telemetry and agentic risk

Overview

This is a real Bluesky account-management skill, but it needs review because it can make sensitive account changes and stores a reusable session token on disk with weak safeguards.

Review before installing. Use a dedicated Bluesky app password, do not enable DM access unless needed, confirm the actual script path before running commands, require explicit approval for posting/deleting/DM/profile/social-graph actions, and delete `~/.bsky_session.json` when switching accounts, using a shared machine, or revoking access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares broad capabilities to read/write files and use Bash while also requiring sensitive credentials from environment variables, but it does not present an explicit permission model or constrain how those capabilities should be used. This creates a real risk that the skill can access secrets, modify local files, and persist data beyond what a user may reasonably expect for a social-media integration.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This skill enables account-affecting and privacy-sensitive actions such as DMs, blocks, mutes, follows, deletes, and profile updates, yet it provides no safety guidance requiring confirmation before destructive or sensitive operations. In an agent setting, that omission increases the chance of unintended account changes, privacy violations, or irreversible social actions initiated from ambiguous prompts.

Session Persistence

Medium
Category
Rogue Agent
Content
Manage a Bluesky (bsky) account — posting, replies, likes, reposts, follows,
  blocks, mutes, search, timeline, threads, notifications, DMs, and profile
  updates via the AT Protocol.
allowed-tools: Bash Read Edit Write Glob Grep
metadata:
  openclaw:
    requires:
Confidence
95% confidence
Finding
Write Glob Grep metadata: openclaw: requires: env: [BLUESKY_HANDLE, BLUESKY_APP_PASSWORD] bins: [python3] primaryEnv: BLUESKY_HANDLE --- # Bluesky Account Management Operate a

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:30