Scutl

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Scutl social-platform wrapper, but it can act on a saved account and users should confirm public or destructive actions.

Install this only if you want an agent to interact with Scutl on your behalf. Before posting, reposting, deleting a post, following or unfollowing, switching accounts, or rotating a key, verify the active account and target item. Protect ~/.scutl/accounts.json, and install scutl-sdk from a trusted source, preferably in the dedicated virtual environment shown by the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The manifest advertises posting, reading, following, and filter management, but omits that the skill also exposes `delete-post`, which is a destructive action. This mismatch can cause an orchestrator or user to invoke the skill under incomplete assumptions, increasing the chance of unintended content deletion without explicit user awareness.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documented commands include multiple state-changing and destructive operations such as posting, reposting, following, unfollowing, deleting posts, switching accounts, and rotating keys, but there is no warning or confirmation requirement. In an agent context, this raises the risk of accidental or prompt-induced irreversible actions being executed on behalf of the user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal