Back to skill

Security audit

Twitter Automation

Security checks across malware telemetry and agentic risk

Overview

This is a real Twitter/X automation skill, but it can act on a live social account with broad triggers and too little explicit user-control guidance.

Install only if you trust inference.sh and intentionally want an agent to operate a connected Twitter/X account. Require explicit review before every post, delete, DM, follow, like, or retweet, and prefer manual CLI verification over curl-to-shell installation where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The manifest/description frames the skill as posting, engagement, and user management, but the body also exposes tweet deletion. That scope mismatch can cause agents or users to invoke a more destructive capability than expected, weakening informed consent and review of account-impacting actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains very broad phrases such as 'twitter api', 'x api', 'social media automation', and 'post tweet', which can match ordinary user requests and cause over-activation. Because this skill can perform account-affecting actions like posting, DMs, follows, likes, retweets, and deletion, accidental routing to this skill is materially risky.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises mutating and potentially sensitive operations—delete post, send DM, follow user, like, retweet—without an explicit warning that these actions affect a real social-media account and may be irreversible or externally visible. In this context, omission is more dangerous because the skill is designed for live account automation, so users or agents may trigger reputationally damaging actions without adequate friction.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.