Talos Pro — Social Media Command Centre

Security checks across malware telemetry and agentic risk

Overview

Talos Pro is a local social-media calendar generator with predictable local exports, but users should avoid its unsafe global Python install command.

Install only if you are comfortable with a paid license-key gate and local calendar export files being created where the skill runs. Use a virtual environment or other isolated Python environment instead of the documented `--break-system-packages` install command.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The skill writes three local files (JSON, CSV, and Markdown) without clearly warning the user in the top-level description or setup summary. While the files are not inherently sensitive, unexpected disk writes can leak business planning data, clutter workspaces, or overwrite expectations in automated environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal