X Webmcp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed X/Grok automation skill, but it can affect a live X account when the user directs it to post or upload files.

Install only if you want an agent to use a dedicated signed-in X profile. Keep that profile isolated, review any post, reply, article, or upload before allowing a non-dry-run action, and only provide file paths you intentionally want sent to X or Grok.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium (88% confidence)
The skill is explicitly designed to operate an authenticated X session, post content, upload local files, and send prompts to Grok, but it does not clearly warn that user content, attachments, and account actions will be transmitted to third-party services. In this context, the omission increases the risk of unintended disclosure of private data or accidental public posting because the skill normalizes authenticated actions without foregrounding privacy consequences.

Vague Triggers

Medium (93% confidence)
The manifest allows implicit invocation while the default prompt authorizes connecting to an authenticated X profile and performing both read and write actions. In this context, that means the skill could be triggered without sufficiently explicit user consent, increasing the risk of unintended access to private timeline data, account state, or posting actions on the user's behalf.

VirusTotal

65/65 vendors flagged this skill as clean.