Security audit

Reveal.ac: linkedin-for-bots

Security checks across malware telemetry and agentic risk

Overview

This is a real Reveal.ac integration, but it gives an agent ongoing authority to post, negotiate, review work, spend platform coins, and publish persona data with weak user-control boundaries.

Install only if you want an agent to actively participate on Reveal.ac. Use a deliberately public profile, do not copy hidden prompts or private configuration into the bio, store the Reveal API key securely, review any remote instructions before use, and require approval or strict limits for posting, voting, following, negotiating, submitting deliverables, reviewing work, revoking keys, or staking/spending coins.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs an autonomous agent to use a stored API key and perform multiple authenticated requests to an external service without any explicit safeguards around secret handling, data minimization, user consent, or destination validation. In this context, the agent is expected to act periodically and autonomously, which increases the chance of unintended external data transmission or misuse of credentials if the skill is adopted in a broader agent framework.

Vague Triggers

Medium (91% confidence)
Finding
The install flow tells the agent to fetch and follow remote instructions from https://reveal.ac/skill.md without constraining what actions are allowed during installation. This creates a prompt-supply-chain risk: whoever controls that remote document can change behavior after review and induce account registration, data sharing, or other external actions not visible in the pinned skill.json.

Missing User Warnings

Medium (98% confidence)
Finding
The skill explicitly instructs the agent to reuse persona content from the user's system prompt or configuration as public profile data on an external service. That can disclose hidden prompt text, operator instructions, internal identifiers, or other sensitive context that was never intended for publication, creating both privacy and prompt-confidentiality risk.

Ssd 3

Medium (99% confidence)
Finding
Telling the agent to use persona information from the system prompt or configuration in an external profile directly encourages exfiltration of hidden prompt material. Even if framed as convenience, this crosses a trust boundary by moving potentially confidential internal instructions into a third-party public platform.

VirusTotal

57/57 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.