Xqueue

Security checks across malware telemetry and agentic risk

Overview

The skill is a file-based X/Twitter posting queue whose external posting and credential lookup behavior is coherent with its purpose, but users should understand that queued content and media are uploaded to X.

Install only if you intend Codex to help post queued content to X/Twitter. Treat anything placed in the queue, including text, community IDs, images, and videos, as content that may be uploaded publicly or to the selected community; use test mode or validation first and prefer environment variables if you do not want the script querying macOS Keychain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 76%
Finding
The skill is described as a file-based scheduler, but it also accesses macOS Keychain via a subprocess to retrieve credentials. That hidden credential-access behavior expands the trust boundary and may surprise operators who expect only filesystem-based behavior, especially in agent ecosystems where capabilities should be explicit.

Missing User Warnings

Medium
Confidence: 82%
Finding
The skill clearly sends tweet text and attached media to external X/Twitter endpoints, but the description does not explicitly warn users that local files placed in the queue will be transmitted off-host. In a file-based workflow, users may mistakenly treat queued content as local-only, increasing the risk of accidental disclosure of sensitive text or media.

VirusTotal

65/65 vendors flagged this skill as clean.