Back to skill

Security audit

Pinterest Browser Publisher

Security checks across malware telemetry and agentic risk

Overview

The skill is a real Pinterest publishing automation tool, but it needs Review because it stores reusable login cookies, can publish live posts automatically, and documents anti-detection/proxy tactics.

Install only if you are comfortable giving the skill reusable Pinterest session access and allowing scripts to post to your account. Use an isolated environment or dedicated Pinterest account, inspect and edit the hardcoded pin lists before running, protect or delete ~/.config/pinterest/cookies.json, avoid the anti-detection/proxy guidance, and prefer scripts that stop for manual review before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (19)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented behavior goes beyond the declared purpose, including saving authentication-related cookies, taking local screenshots, using hardcoded paths/content, and partially manual flows. This mismatch is dangerous because users may grant trust based on an incomplete description, while the skill handles sensitive session material and writes artifacts to disk in ways they did not clearly consent to.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documentation explicitly promotes 'anti-detection' behavior to reduce account bans, which is an evasion capability rather than ordinary publishing automation. In a browser-automation skill targeting a third-party platform, this increases abuse potential by helping users bypass platform safeguards and makes the skill more dangerous in context.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The README claims the skill is for pin publishing, but it also documents rate limits for comments and follows, which expands the apparent capability scope into broader account interaction. That mismatch is risky because it normalizes or encourages automating additional engagement actions that can be abused for spam or account manipulation beyond the declared purpose.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Recommending residential proxies to work around login loops or CAPTCHA is a strong evasion signal. In the context of browser automation against a consumer platform, this guidance facilitates bypassing platform anti-abuse controls and makes the skill more suitable for stealthy mass automation or account misuse.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script explicitly prints values of cookies whose names suggest session, token, or auth data to stdout. Even truncated values are sensitive because terminal logs, shell history capture, CI logs, screen recordings, or shoulder surfing can expose reusable authentication material or aid session theft. In the context of a browser automation publisher that persists login state, these cookies are especially security-critical because they enable account actions without reauthentication.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README encourages persistent storage of Pinterest login cookies but does not warn that the cookie file is effectively an authentication secret that can enable account hijacking if copied. Because this skill is designed for repeated automated posting, the persisted session materially increases the risk of unauthorized account access on a compromised host or shared environment.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly stores Pinterest login cookies at ~/.config/pinterest/cookies.json but does not prominently warn that these cookies are sensitive session tokens equivalent to authenticated access. If another local user, process, backup system, or malware reads this file, an attacker may hijack the Pinterest session without needing the user's password.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs the final publish action automatically using an authenticated browser session, with no explicit user confirmation immediately before the irreversible post. In the context of a Pinterest auto-publisher with persisted cookies, this increases the chance of accidental or unauthorized posting if content, selectors, or session state are wrong or manipulated.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script saves the full browser cookie jar to ~/.config/pinterest/cookies.json, which likely includes session/authentication cookies that can be reused to access the Pinterest account. Storing these secrets on disk is inherently sensitive, and the script does so without explicit user warning, permission hardening, encryption, or file mode controls, increasing the risk of local credential theft from other users, malware, backups, or accidental sharing.

Missing User Warnings

High
Confidence
99% confidence
Finding
Printing authentication cookie values to the console exposes credentials outside the browser boundary and can leak them into terminal scrollback, log collection systems, support transcripts, or recorded sessions. Because this skill's purpose is to automate publishing with persisted login state, exposed cookies could allow an attacker to hijack the Pinterest session and publish, modify, or access account content as the victim.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists Pinterest session cookies to disk in a predictable location under the user's home directory without explicit opt-in, warning, or permission hardening. If another local user, process, backup system, or malware can access that file, the stored session may be reused to impersonate the user and access or act on their Pinterest account.

Missing User Warnings

Low
Confidence
87% confidence
Finding
On error, the script writes a screenshot to a fixed local path without warning the user, and that screenshot may capture sensitive information such as account details, board names, uploaded content, or other visible browser data. Fixed-path artifact creation also increases the chance of unintended retention or exposure through shared machines, backups, or local malware.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script extracts authenticated Pinterest session cookies from the browser context and writes them in plaintext JSON to a persistent file under the user's home directory. Those cookies can be reused to impersonate the user's Pinterest session if local malware, another local user, backups, or other tools can read the file; the risk is heightened because the skill explicitly relies on persistent cookie reuse for future automated publishing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script silently reads persisted Pinterest authentication cookies from a user-specific local file and injects them into the browser context. This enables authenticated actions under the user's account without an explicit consent step, making account misuse or unintended posting more likely if the script is run in the wrong context or modified inputs are supplied.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script directly clicks the Pinterest publish button and performs live posting with no user confirmation, dry-run mode, or final review gate. Because publishing is externally visible and difficult to fully undo, any mistake, manipulated content, or unintended execution can cause immediate account, brand, or reputational harm.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script saves authenticated Pinterest session cookies to a predictable plaintext file under the user's home directory without a clear warning, consent flow, or permission hardening. If another local user, malware, backup system, or unintended process can read that file, the Pinterest session may be hijacked and reused without needing credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists Pinterest session cookies to disk in a predictable location without any user-facing warning, consent flow, or file permission hardening. Stored session cookies can allow anyone with local access to replay the authenticated browser session and act as the user on Pinterest until the session expires or is revoked.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script silently loads persistent Pinterest authentication cookies from a user-local file and injects them into a browser session. In an agent skill context, this can cause actions to run under an existing logged-in account without clear user awareness, increasing the risk of unauthorized account use or unintended posting if the skill is invoked in the wrong environment.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script automatically clicks the publish button and performs a real external state-changing action on Pinterest with no confirmation gate, dry-run mode, or operator review. In this skill's context, browser automation for publishing is the core behavior, which makes the risk more acute because invoking the skill can directly create public or account-visible content using the user's authenticated session.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.