Security checks across malware telemetry and agentic risk
The skill appears to be a legitimate API integration, but it repeatedly puts API tokens in URLs and enables broad social-profile data collection without enough safety guidance.
Review before installing. Use a low-scope, revocable API token, avoid logging full request URLs, and rotate the token if it may have appeared in logs. Only use the social-profile and follower data features where you have a lawful, platform-compliant reason, and avoid storing or sharing unnecessary personal data.
"parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token","parameters": [
{
"defaultValue": null,
"description": "API access token.",
"enumValues": [],
"location": "query",
"name": "token",66/66 vendors flagged this skill as clean.