Twitter

Security checks across malware telemetry and agentic risk

Overview

This Twitter/X skill appears purpose-aligned, but it needs review because it can access private DMs and change account state while some safety documentation is broad or inconsistent.

Review before installing. Only use this skill with a Twitter/X account you are comfortable delegating to an agent, and require explicit confirmation before reading DMs, muting users, or performing any write action. Treat the action docs cautiously where read/write labels conflict.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The documentation for a clearly read-only action incorrectly states that it is a write action that changes Twitter state. This can mislead operators and downstream agents about required confirmation behavior and the action's safety characteristics, causing unnecessary friction or incorrect policy handling.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The action is documented as a read-only retrieval of retweets, but the file incorrectly labels it as a write action that changes Twitter state. This can mislead an agent or operator into applying unnecessary confirmation flows, suppressing otherwise safe read behavior, or making incorrect trust and execution decisions based on action type metadata.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The file documents a read-only Tweet lookup action, but incorrectly labels it as a write action that changes Twitter state and instructs the operator to confirm payload and intended effect as if it were state-changing. This kind of action-confusion can mislead downstream agents or reviewers about the safety properties of the operation, causing inappropriate handling, unsafe automation logic, or incorrect user consent flows.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The action is explicitly described as a read-only lookup that requires read scopes, but the documentation later states it is a write action that changes Twitter state. In an agent skill, this mismatch can mislead downstream agents or operators into applying inappropriate confirmation logic or misunderstanding the action’s side effects, increasing the chance of unsafe automation behavior and incorrect trust decisions.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The action is explicitly a read-only operation ('Get Tweets that quote a given Tweet ID') but the documentation labels it as a write action that changes Twitter state. This can mislead an agent or operator into applying unnecessary confirmation logic, misclassifying permissions, or making incorrect safety decisions about the action's side effects.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The action description and name clearly indicate a read-only operation that retrieves tweets liked by a user, but the documentation warns that it is a write action that changes Twitter state. This can mislead an agent or operator into applying unnecessary confirmation logic or, worse, normalize inaccurate state-changing labels in the skill set, reducing trust in safety cues and increasing the chance of incorrect execution behavior elsewhere.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description is overly broad and instructs agents to use this skill for essentially any Twitter-related request. That can cause inappropriate tool selection for loosely related tasks and increase the chance an agent routes sensitive or destructive operations through this skill without sufficient narrowing or user confirmation.

Missing User Warnings

Medium
Confidence: 90%
Finding
This action retrieves private direct message conversation data, but the description does not warn users that the content is sensitive or privacy-impacting. In an agent skill context, missing disclosure can lead an agent or operator to invoke the action without appropriate user awareness, consent, or stricter handling expectations for private communications.

Missing User Warnings

Medium
Confidence: 92%
Finding
The warning contradicts the described behavior of retrieving retweeters, so users and agents receive inaccurate guidance about side effects. In a skill-routing context, incorrect safety annotations can distort approval flows, confuse trust decisions, and reduce confidence in the documentation.

Missing User Warnings

Low
Confidence: 95%
Finding
This action changes the authenticated user's Twitter account state by muting another account, but the documentation does not clearly warn the user that it performs a persistent side effect. In an agent setting, missing state-change warnings can lead to unintended account modifications because the action may be invoked without the user realizing it alters their Twitter settings.

VirusTotal

63/63 vendors flagged this skill as clean.
