Back to skill

Security audit

Social Media Automation Operations Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent social-media automation, but it needs Review because it can guide live posts, replies, and scheduled account actions without strong approval and credential-safety safeguards.

Install only if you intend to connect real social accounts. Run dry-run or preview first, review every post, reply, and scheduled job before execution, use least-privilege tokens, avoid printing or sharing logs that may contain credentials, and do not run generated browser publish commands blindly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The script invokes a shell command via execSync to run a nested Node process for network retrieval, which introduces an unnecessary process-spawning capability in a helper that could fetch data directly in-process. In an automation skill that handles content creation and publishing, extra execution primitives increase attack surface and make later command-injection or environment-abuse bugs more dangerous.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance uses broad terms like social media operations, scheduled posting, and auto-reply, which can cause the skill to activate for generic discussion or advisory requests. In this skill's context, accidental activation is more dangerous because the described capabilities include live publishing, monitoring interactions, and acting on external accounts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The one-click and scheduled publishing sections describe commands that can post directly to external social platforms, but they do not prominently warn that these actions may create live public content. Because the skill targets real accounts across multiple platforms, insufficient warning can cause users or downstream agents to publish unintentionally, creating reputational, legal, and operational harm.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The monitoring and auto-reply features imply reading comments, mentions, and other account interactions, then sending replies on the user's behalf, but no privacy or authorization warning is given. In this context, the skill can access user communications and generate outward-facing responses, making accidental or poorly scoped use a meaningful privacy and impersonation risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide includes real credential variable names for app key, app secret, and access token but provides no warning about secure storage, least-privilege handling, or avoiding accidental exposure in logs, shells, and repositories. In a social-media automation skill, operators are likely to copy these commands directly, so omission of handling guidance materially increases the chance of credential leakage and account compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The browser automation example performs direct navigation, text entry, and publish clicks against a live Weibo account without any warning that this causes real posting actions. In the context of an auto-publisher skill, users may run the flow assuming it is illustrative or test-only, which can lead to unintended public posts, policy violations, reputational harm, or misuse of the authenticated account.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The module generates a command sequence that ends with an unconditional publish click, with no built-in user confirmation, review gate, or safety interlock before posting to a live social account. In the context of a social-media automation skill running in a logged-in browser session, this creates a real risk of unintended publication, reputational harm, and policy-violating or incorrect content being posted automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/generate_content.js:89