Tweet Humanizer

Security checks across malware telemetry and agentic risk

Overview

This is a text-only tweet editing skill with a metadata cleanup issue, but no evidence of hidden execution, account access, posting, persistence, or data theft.

Safe to install for tweet drafting QA. Before relying on automated permission handling, the publisher should consolidate the duplicate metadata and clearly state whether local Ollama access is actually required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence: 97%
Finding
The skill contains conflicting network policy declarations: one section explicitly permits outbound access for local Ollama style checking, while another says outbound network is false. In agent systems that parse metadata inconsistently, the more permissive block could be honored, causing unexpected network-capable execution and weakening sandbox or review assumptions.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
Conflicting dependency declarations create ambiguity about whether the skill may invoke the `ollama` binary. In environments that auto-install or permit listed binaries, the permissive declaration can expand execution capability beyond what reviewers expect, increasing the chance of unintended local model invocation or policy bypass through parser disagreement.

VirusTotal

33/33 vendors flagged this skill as clean.
