📰 ZeeLin Report-to-X AutoPost

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can publish public X posts and set up recurring automation without strong review or containment safeguards.

Review before installing. Use it only with an X account you intentionally want automated, inspect the separate tweet.sh helper first, require a preview and explicit approval before first posting or cron setup, and fix the script so it confirms posting success before updating its posted-state file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 96% confidence
Finding: The skill clearly describes capabilities to fetch remote content, write persistent state, invoke shell scripts, post to X via a logged-in browser session, and schedule cron jobs, yet it declares no permissions. This mismatch is dangerous because it hides the true power of the skill from users and any permission-gating system, increasing the chance of unauthorized file writes, network access, shell execution, and external account actions without informed approval.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The description uses broad phrases like daily report-to-X posting, website report promotion, and automated sharing from a report list, which can match a wide range of generic automation requests. Over-broad invocation increases the risk the skill is selected in contexts the user did not specifically intend, leading to unintended network scraping, shell execution, state changes, or posting from the user's logged-in X session.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger examples are open-ended and illustrative, but they do not define boundaries, prerequisites, or exclusions for activation. In a skill that can autonomously post to a social media account and create scheduled jobs, ambiguous triggers make accidental activation more dangerous because the resulting actions are external, persistent, and potentially hard to notice immediately.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill is designed to publish content through the user's logged-in X web session and optionally set up cron-based recurring execution, but it does not prominently warn that it will take autonomous external actions on the user's account. This is especially risky because social posting and scheduled repetition can affect the user's reputation, create unwanted public content, and continue operating after the initial interaction if cron is enabled.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script automatically publishes content to a logged-in X session with no user confirmation or approval step. In this skill context, that is more dangerous because the post content is derived from remote website data, so a compromised source or parsing error can trigger unwanted public posting, reputational harm, or policy-violating content under the user's account.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal