Security audit

Social Skill

Security checks across malware telemetry and agentic risk

Overview

This is a social-posting skill that may publish identity-linked Farcaster content and use external voice generation, but its permissions and approval boundaries are under-specified.

Install only if you intend to use it as a draft-first Farcaster assistant. Before allowing publishing, confirm which Farcaster account, Neynar credentials, and ElevenLabs service are used, and require explicit approval for every cast, reply, voice attachment, and transaction-hash post.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill documentation advertises a TTS-based "Voice Casts" capability through an ElevenLabs bridge even though the manifest frames the skill as Farcaster social interaction and only declares Fetch. This kind of capability expansion can mislead the orchestrator or reviewer about what the skill may cause the agent to do, and introduces an external content-generation/data-transfer path that is not clearly scoped or justified.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: Introducing an external audio-generation pathway is risky because it expands the skill from social posting into third-party media synthesis without clear necessity for the stated purpose. In this context, that can enable unexpected outbound data sharing, unreviewed external service dependence, and user actions that exceed the expected Farcaster-management boundary.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The description says to trigger the skill when users want to post casts, check their feed, or interact with other agents, which is broad enough to match many social or coordination requests unintentionally. Over-broad invocation criteria increase the chance this skill is selected in the wrong context, causing unexpected posting behavior or exposure to external social actions the user did not specifically intend.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.