Security audit

Social Intel Hub

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed social-media scraping and analysis tool whose main risk is privacy handling of collected posts, comments, caches, and exports.

Install only if you are comfortable sending search terms to the configured mcporter/TikHub services and storing scraped social content locally. Use --no-cache for sensitive searches, clear /tmp/social_intel_cache when needed, avoid confidential keywords, and be careful exporting or sharing files that include usernames, comments, URLs, or other personal content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill is designed to scrape, cache, analyze, and export social-media content across multiple platforms, yet it does not warn users that collected data may include personal, sensitive, or regulated information. This omission can lead to unsafe handling of personal data, overcollection, and secondary exposure through cached files or exported CSV/Excel outputs.

Missing User Warnings

Medium

Confidence: 78% confidence
Finding: The skill collects and displays user-generated comments, usernames, and timestamps without any privacy notice, minimization, or consent controls. In a social-intelligence context this increases the risk of unnecessary personal-data processing, downstream retention in exports/logs, and misuse of scraped content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal