Back to skill

Security audit

Ai Social Media Content

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but it also shows a live Twitter/X posting command without a clear warning or confirmation step.

Install only if you trust inference.sh and are comfortable with its CLI login session. Treat any Twitter/X posting command as a live public action: review all generated text and media yourself, require explicit confirmation before posting, and use least-privilege credentials for the intended account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a content creation workflow, but it includes a live publishing example that posts directly to Twitter/X. That expands the capability from draft generation to account-side action, which can cause unintended public posting, reputational harm, or misuse if a user or agent invokes it without realizing it performs a real external side effect.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation scope suggests media creation, but the included workflow also performs posting to a live social platform. This mismatch increases the chance that downstream agents or users grant the skill broader trust than intended, enabling real-world actions under a seemingly low-risk content-generation label.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger list contains broad phrases like 'social media content,' 'reels,' 'shorts,' and 'viral content,' which are likely to match ordinary conversation. Overbroad triggers can cause the skill to activate unexpectedly, and in this case that is more dangerous because the skill also documents account-affecting actions such as posting content externally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Twitter/X automation example performs a live post but does not include a conspicuous warning that it publishes external content to a real account. Without an explicit warning or confirmation step, users and agents may treat it as a harmless generation example and accidentally publish unreviewed or attacker-influenced content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.