Modeck

Security checks across malware telemetry and agentic risk

Overview

The skill appears low risk, but its documentation has a product/API mismatch users should notice before relying on it.

Before installing, verify that the skill's MoDeck instructions and API references are actually correct. Treat the Twitter API reference as likely copy/paste drift unless the publisher clarifies it. No concrete evidence in the supplied artifacts supports blocking it as malicious or placing it in Review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill content is internally inconsistent: it is labeled as a MoDeck integration, but the overview describes a different product domain and points to Twitter API documentation. This can mislead an agent into using the wrong API model, endpoints, or assumptions, increasing the risk of unintended actions, incorrect data handling, or unsafe proxy requests against an unrelated service.

VirusTotal

64/64 vendors flagged this skill as clean.
