Back to skill

Security audit

Creator Watch

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only research skill for scraping and analyzing public Twitter/X creator posts, with no bundled executable code, but users should run scraping and database imports deliberately.

Install this only if you intend to collect public Twitter/X creator content for research. Before running commands, inspect the referenced scraper and importer, quote or validate usernames, confirm where JSON and database records will be stored, and consider Twitter/X terms, rate limits, and privacy expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is excessively broad, including phrases like 'who should I follow' and 'any creator monitoring request', which can cause the skill to activate for ordinary conversational queries unrelated to authorized scraping or watchlist operations. In this skill, accidental activation is more dangerous because the documented behavior includes scraping external content and importing data into storage, so a benign user query could unintentionally initiate collection or persistence actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises scraping Twitter/X content and importing it into a database but does not provide a clear upfront warning that it will collect third-party data and perform write operations. This is risky because users may invoke the skill for analysis without realizing it can trigger external data acquisition, local storage changes, or repeated scraping workflows with rate-limit and compliance implications.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.