Back to skill

Security audit

X Comment Bot

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates posting X comments from a logged-in account, but it removes user review before public posts and describes optional follow-up tracking.

Install only if you are comfortable letting an agent use a logged-in X account to choose posts and publish replies without preview or approval. Prefer a dedicated low-risk account, require draft review before sending, clarify that likes are disabled, and avoid enabling cron follow-up or stored interaction history unless you explicitly want that behavior and have a way to delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill expands from one-off commenting into persistent tracking of social interactions and cron-driven re-engagement, which materially broadens scope and autonomy. That creates privacy risk, covert long-term account activity, and a higher chance of unwanted or policy-violating engagement without fresh user intent.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad enough that normal conversational requests about X homepage interactions could invoke an autonomous posting workflow. In a skill that directly publishes comments, ambiguous activation increases the risk of unintended account actions and reputational harm.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill is designed to publish public comments automatically and explicitly forbids asking the user for confirmation before sending. Because this is an external write action on a real social account, removing human confirmation greatly increases the chance of accidental, harmful, or irreversible posting.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Persisting tweet URLs, authors, timestamps, and follow-up status creates a local activity log of the user's social interactions without any privacy notice or retention controls. If mishandled or accessed by others, this data can expose behavioral patterns and account activity history beyond the immediate task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.