Tweet Humanizer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a text-only tweet editing skill with a metadata cleanup issue, but no evidence of hidden execution, credential access, posting, persistence, or data exfiltration.

Safe to install for tweet drafting QA. Before relying on automated permission handling, the publisher should remove the duplicate metadata and clearly state whether Ollama/local network access is actually required.

SkillSpector (1)

By NVIDIA

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The skill file contains contradictory metadata about outbound network access and the need for the `ollama` binary: one section says outbound network is enabled and `ollama` may be called, while a later section says outbound is disabled and no binaries are required. In systems that auto-enforce permissions from metadata, this ambiguity can lead reviewers or tooling to grant broader capabilities than intended, increasing the risk of unexpected local model invocation or network egress.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

33/33 vendors flagged this skill as clean.

View on VirusTotal