Security audit

A real-time intelligence feed tracking the top 50 AI organizations and influencers globally.

Security checks across malware telemetry and agentic risk

Overview

This skill appears aimed at X/Twitter monitoring, but it reuses the user's Chrome X/Twitter session and supports scheduled outbound reports, which needs careful review before installation.

Install only if you are comfortable with the skill using your existing Chrome X/Twitter login and sending scheduled reports. Prefer a dedicated browser profile or throwaway X account, verify every Feishu/Bitable and push destination, disable scheduling until reviewed, and do not rely on any 'official API' mode unless you confirm it returns real live data rather than mock output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 83%
Finding:
The skill advertises automation that relies on code capabilities such as environment access but does not declare permissions, which obscures what sensitive resources the skill may read at runtime. In a security review context this is dangerous because undeclared capability use weakens user consent and makes it harder to constrain access to secrets, tokens, and local execution context.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 98%
Finding:
This is a significant description-behavior mismatch: the skill claims simple X/Twitter monitoring, but the analyzed behavior includes reading Feishu/Bitable account lists, accessing local Chrome X/Twitter login cookies, and presenting an 'official API mode' that reportedly uses mock data rather than the real API. Hidden access to browser session cookies is especially sensitive because it can expose authenticated sessions and local user context without informed consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The script explicitly calls `scraper.useCookiesFromBrowser('chrome')`, which accesses and reuses the user's existing Chrome X/Twitter session rather than using a dedicated token or explicit login flow. That expands the skill's access to browser-stored authenticated session material without clear consent, making session misuse or unintended account actions possible if the scraper library or surrounding code is compromised.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The trigger description includes broad phrases like 'X日报', 'Twitter监控', and 'AI动态' without clear boundaries, which can cause the skill to activate unintentionally in unrelated conversations. Over-broad triggering is risky here because the skill performs automated monitoring and may access sensitive local/browser state, so accidental invocation can lead to unintended data access or automated actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill explicitly promotes automatic login via reuse of an existing browser X session and daily scheduled pushing, but it does not clearly warn about the privacy and automation risks of reusing authenticated local sessions. In context, this is more dangerous because the feature is framed as frictionless convenience, which may normalize silent access to browser cookies and background operation without meaningful user awareness.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
Reusing the current Chrome X session cookies without a user warning means the skill silently depends on authenticated browser state and may access account-scoped data under the user's identity. Even though the code appears aimed at scraping public tweets, the mechanism is sensitive because it touches credential-equivalent session artifacts and normalizes hidden session access.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Severity: Critical
Code: suspicious.env_credential_access
Location: scripts/x-monitor.js:24

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: scripts/x-monitor.js:11