Security audit

Reddit Marketing and GEO Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Reddit marketing helper that runs scheduled web monitoring and can post only after explicit user approval.

Install this only if you want a recurring Reddit-monitoring agent. Review every draft before saying Go or Post, confirm which Reddit account the browser is logged into, and make sure you know how to disable or change the twice-daily schedule.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill metadata and description frame the capability as delivering draft leads, but the body also authorizes actual Reddit posting via the browser tool after a simple approval command. This is a security-relevant scope mismatch because users or orchestrators may grant permissions expecting passive monitoring/reporting while the skill can perform external actions on third-party platforms.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The README describes broad autonomous behavior such as spawning a background sub-agent, monitoring Reddit, interviewing for configuration, and changing schedules via natural-language commands, but it does not define clear activation boundaries or user-consent constraints. In practice, this ambiguity can cause the skill to run in unintended contexts or respond to loosely related requests, increasing the risk of unauthorized automation, persistent monitoring, and misuse of enabled tools like browser and session spawning.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README explicitly advertises scheduled background operation, deep web search, browser analysis, and pre-scheduled wakeups, yet it provides no prominent warning that the skill will perform ongoing network activity and consume local/system resources after installation. This is dangerous because users may unknowingly enable persistent browsing and data collection behavior, creating privacy exposure, unexpected outbound traffic, and reduced transparency around what the agent is doing when the user is inactive.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The schedule-change phrase is broad and underspecified, creating a risk that ordinary conversational text or quoted examples could be interpreted as a command to alter recurring background execution. Because this affects persistent scheduled behavior, accidental or adversarial triggering could silently change when the agent runs or reports.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The skill performs recurring background monitoring, spawns a sub-agent, and delivers scheduled reports, but the disclosure is minimal and does not clearly communicate the ongoing nature and privacy implications of persistent monitoring behavior. Users may not fully understand that the system continues to search, fetch, and process content on a schedule outside the immediate interaction.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal