Security audit

Trump Truth Social Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill fetches a public Truth Social archive, stores it locally, and can optionally create local keyword alert reports as disclosed.

Install only if you want a local retained archive of public Trump Truth Social posts. Running sync writes a SQLite database under ~/.openclaw/workspace/temp, and using --write-report appends alerts under ~/.openclaw/workspace/reports; review or delete those files if you do not want local retention. Treat market alerts as simple keyword matches, not financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill performs network access and local file/database writes but does not declare any permissions, which weakens transparency and any permission-gating the host may rely on. In practice this can cause users or orchestrators to invoke a skill that persists data or reaches external endpoints without an explicit trust decision.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The stated purpose focuses on syncing and querying Truth Social data, but the documented behavior also includes keyword-based market-impact alerting and writing alert reports. This hidden expansion of scope is risky because users may authorize simple archival/query behavior without realizing the skill also performs content analysis and generates persistent reports.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger conditions include broad keyword matching such as mentions related to Truth Social or Trump posts, which can cause the skill to activate in contexts where the user did not intend a network sync or local persistence action. Over-broad invocation increases the chance of unintended data fetches, writes, and side effects.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation states that the skill writes to a local SQLite database and may append to a Markdown report, but it does not prominently warn the user at execution time. Silent persistence is dangerous because stored political content and generated alerts may accumulate across sessions, surprise users, or expose data to other local processes and users.

Session Persistence

Medium

Category: Rogue Agent
Content: ### 表结构 ```sql CREATE TABLE truth_posts ( id TEXT PRIMARY KEY, created_at TEXT, content TEXT NOT NULL,
Confidence: 88% confidence
Finding: CREATE TABLE truth_posts ( id TEXT PRIMARY KEY, created_at TEXT, content TEXT NOT NULL, url TEXT, replies_count INTEGER, reblogs_count INTEGER, favourites_count INTEGER,

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal