Security audit

Larry

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TikTok marketing automation skill, but it needs review because it combines public posting authority, secret API keys, RevenueCat business/customer data, local persistence, and platform-evasion style guidance.

Install only if you are comfortable giving the skill access to social posting tools and marketing analytics. Use least-privilege API keys, keep generated config and reports out of version control and synced folders, avoid RevenueCat dashboard scraping unless you explicitly approve a narrow session, review every post before publishing or cross-posting, and document how to disable the daily cron and delete stored snapshots.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: The beauty/cosmetics template explicitly instructs preservation of a real person's identity while selectively changing appearance details, which enables deceptive image manipulation and impersonation-style marketing assets. In an app marketing automation skill, this capability is broader than necessary for generic product promotion and increases the risk of creating misleading endorsements, altered selfies, or non-consensual likeness edits.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill explicitly shows API keys and secret tokens being placed into config files and environment variables, including Postiz and RevenueCat secrets, without strong guidance on secure storage, redaction, encryption, or exclusion from version control. This creates a realistic risk of credential leakage through local files, logs, screenshots, backups, or repository commits, which could allow unauthorized access to posting, analytics, billing, and customer data.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill directs persistent writes of app profile data, competitor research, strategy, reports, hooks, and configuration to local files without giving the user an upfront privacy notice about what data will be stored and for how long. In a business context this can capture sensitive commercial strategy, credentials, and possibly customer-revenue metadata, increasing exposure if the workspace is shared or later synced elsewhere.

Missing User Warnings

Medium

Confidence: 75% confidence
Finding: The daily cron job is designed to automatically pull third-party analytics and optional conversion data, write reports locally, and message summaries, but the documentation does not require explicit user acknowledgement of ongoing data collection, storage, or scheduling side effects. In a marketing automation skill, this creates meaningful privacy and operational risk because the workflow can continuously ingest business metrics and attribution data without clear consent, scope, or retention controls.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The documentation recommends storing RevenueCat webhook events in a local JSON file without any guidance on minimizing, securing, or restricting access to potentially sensitive subscription and billing-related event data. Even if the example is minimal, real webhook payloads often include customer identifiers, entitlement details, and transactional metadata, so normalizing this as file-based storage increases the risk of accidental exposure or over-collection.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script stores RevenueCat metrics and a transactions payload to local JSON files (`rc-snapshot.json`) without any minimization, retention control, encryption, or user disclosure. Even if intended for analytics, transaction records can contain sensitive business and potentially customer-linked billing metadata, creating unnecessary exposure if the workspace, logs, backups, or generated artifacts are accessed by others.

Ssd 4

Medium

Confidence: 93% confidence
Finding: The skill instructs users to simulate organic human behavior over 7-14 days specifically to avoid TikTok treating the account as a bot and throttling reach. That is an evasion technique aimed at bypassing platform anti-abuse detection, which can facilitate deceptive automation and create policy, account-suspension, and reputational risk for the user.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal