Back to skill

Security audit

Tweet Ingest

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate Twitter/X reading purpose, but its metadata and instructions disagree about services, credentials, and the script users would actually run.

Review before installing. Only use this if you trust and control the referenced local tweet-ingest.py script, understand that Twitter/X targets may be sent to Jina AI or Apify, and are comfortable with Apify credential use and possible credit charges for thread or profile modes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill metadata says it uses TwitterAPI.io and requires TWITTER_API_KEY, but the body describes Jina AI and Apify as the real backends. This mismatch can mislead operators, policy engines, and users about where data is sent and which credentials are accessed, undermining security review and consent.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The documentation conflicts on whether an API key is needed and whether access is free versus paid, which can cause the agent or operator to invoke the skill under false assumptions. In security-sensitive environments, credential and billing ambiguity also obscures whether secrets or external paid services will be used.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill encourages use on arbitrary Twitter/X URLs but does not clearly warn that URLs and fetched content are transmitted to third-party services. This creates a privacy and data-handling risk because user-provided links, profile targets, and resulting content may be disclosed outside the local environment without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation states that credentials may be auto-loaded from environment variables or 1Password, but it does not prominently warn that running the skill may access sensitive secrets from those stores. In an agent setting, silent secret retrieval expands trust boundaries and can surprise users or reviewers who did not intend to authorize secret use.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.