Content Auto Poster

Security checks across malware telemetry and agentic risk

Overview

This skill openly aims to auto-publish and schedule content on public third-party platforms, but it does not define confirmation, account-access, or cancellation safeguards.

Review carefully before installing. Use it only for content you intend to publish publicly or semi-publicly, require manual preview and explicit approval for each target platform, and do not provide credentials or confidential drafts unless the authentication method, storage behavior, and cancellation process are clear.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly automates publishing user-provided content to multiple third-party platforms, but the documentation does not warn users that their content will be transmitted externally or that platform-specific credentials, privacy, and compliance concerns may apply. This can lead to accidental disclosure of sensitive, copyrighted, internal, or regulated information because users may not realize the action leaves the local environment and performs public or semi-public posting.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal