Back to skill

Security audit

Twitter Thread Scheduler

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to post and schedule X/Twitter threads, but it declares one credential source while its instructions use another local credential store and delayed posting jobs.

Install only if you are comfortable giving an agent the ability to post and schedule public X/Twitter threads. Before use, confirm which credential source is actually used, which X account it controls, how to inspect or cancel at jobs, and how to remove queued posts and logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The manifest frames the skill as a simple Twitter thread poster, but the documented behavior also includes local scheduling via `at` and persistence of queue/log files. This expands the operational and data-handling scope beyond what the manifest clearly discloses, increasing the chance that users invoke delayed execution or local data retention without understanding the security and privacy implications.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The skill metadata claims the primary credential is `TWITTER_ACCESS_TOKEN`, but the documentation says the script actually pulls OAuth credentials from `~/.xurl`. This credential-source mismatch is dangerous because it can cause users and security tooling to approve or sandbox the skill based on the wrong secret, while the implementation accesses a broader or more privileged local credential store than declared.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.