Back to skill

Security audit

Blog Auto Poster Skill

Security checks across malware telemetry and agentic risk

Overview

This blog-publishing skill matches its stated purpose, but it handles login cookies and public posting with too little protection for automatic approval.

Install only if you are comfortable giving the skill access to posting-account cookies and public publishing authority. Before use, avoid commands that display cookie values, confirm the exact destination accounts and draft/publish mode, and delete ./temp/publish.md after publishing sensitive or unpublished material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrases are broad enough to match common requests like 'publish this text to all platforms' without strong scoping or confirmation boundaries. In an agentic environment, this increases the chance the skill is invoked on ambiguous user input and performs unintended cross-platform publishing, which can expose data or cause unauthorized actions under stored credentials.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to inspect and use platform cookies from a local .env file without any explicit warning about secret handling, least exposure, or safe output practices. Because these cookies authenticate posting accounts, careless handling could leak credentials in logs, terminal output, or follow-on prompts, enabling account takeover or unauthorized publishing.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill writes full article content to a persistent local temporary file and explicitly says it is not deleted afterward, but does not clearly warn the user about local data retention. If the content is sensitive, proprietary, or unpublished, this can leave recoverable data on disk for later access by other users, tools, or sessions.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.