Security audit

zeelin-x-creator-briefing

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but its default and scheduled workflows can post generated content publicly to X without a clear review step.

Install only if you intentionally want automated X posting. Before running it, inspect the separate autopost skill, confirm which account it uses, avoid `run-briefing.sh` or remove `--publish` for draft-only use, and do not enable cron unless unattended public posting is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Context-Inappropriate Capability

Medium

Confidence: 85% confidence
Finding: The script is primarily framed as a briefing generator, but with --publish it can post externally to X via another skill's shell script. In an agent-skill context, undisclosed outbound posting is a meaningful capability escalation because a user or orchestrator may run the tool expecting local report generation only, yet it can trigger public actions under existing account credentials.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The document explicitly states that the workflow will '自动发布到X' as part of an automated cron task, but it provides no warning, consent boundary, approval step, or description of what data may be transmitted externally. In an agent skill, unattended external publication increases the risk of unintended disclosure, reputational harm, and misuse if generated content is inaccurate, sensitive, or manipulated upstream.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README advertises automatic publishing to X and other platforms, but it does not clearly warn users that running the skill can cause real external posts from connected accounts. In an agent/automation context, this is risky because users may invoke the workflow expecting content generation only, while the skill performs irreversible public actions affecting reputation, compliance, and account safety.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The example command includes '--publish true' in a quick-start path without a user-facing warning that it will post publicly if credentials are configured. Quick-start examples are especially dangerous because users often copy-paste them verbatim, which can trigger unintended publication to external services.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The multi-platform publishing example shows posting to several external services at once but provides no warning that one command may broadcast content broadly across connected accounts. This increases the blast radius of mistakes, including accidental spam, disclosure of unreviewed content, and reputational damage across multiple platforms.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger conditions are broad enough to activate on generic phrases like '抓取推文' or mentions of a creator name plus '推文', which can cause the skill to run in contexts where the user did not intend full social-media scraping and publishing. In this skill, unintended activation is more dangerous because the workflow includes downstream automation steps such as fetching external content and posting to X, increasing the chance of accidental data processing or publication.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill advertises an end-to-end workflow that culminates in automatic posting to X, but it does not present a prominent warning that generated content will be publicly published or require explicit human review before posting. This is dangerous because scraped or summarized third-party content may be inaccurate, sensitive, or noncompliant, and accidental publication can create reputational, privacy, or policy violations.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The optional publish path can cause a real-world external side effect—posting content to X—without any runtime warning or confirmation beyond the presence of a flag. In agent environments, a simple flag can be easy to overlook or be set by higher-level automation, making accidental unauthorized posting more likely when account credentials are already configured.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal