Back to skill

Security audit

Twitter Trend Radar

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a transparent research tool that searches X/Twitter through a local CLI and writes local reports or caches.

Before installing, understand that this skill relies on the external bird CLI and may use your browser's X/Twitter session to perform searches. Keep it read-only, avoid using it with accounts you cannot risk rate-limiting or blocking on, and review or clear its local cache/reports if tweet data or research topics are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs use of shell commands, network access, and writing output reports, but it does not declare any permissions or capability boundaries. This creates a trust and enforcement gap: an agent or platform may execute filesystem, shell, and network actions without explicit user-visible authorization, increasing the chance of unintended data access, credential exposure, or unsafe command execution in environments that rely on declared permissions for sandboxing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.