Twitter Intel

Security checks across malware telemetry and agentic risk

Overview

This Twitter monitoring skill appears to do what it says, but it should be reviewed because it asks for live Twitter session cookies and unpinned external code.

Install only if you are comfortable giving this workflow access to Twitter/X browser session cookies. Use a low-risk account if possible, keep the cookie file out of shared folders and source control, restrict file permissions, review the external rnet_twitter.py code before use, and understand what scheduled monitoring will store locally before enabling it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs users to export and reuse live Twitter authentication cookies (`auth_token`, `ct0`) from their browser without warning that these are sensitive session secrets. Anyone who obtains those cookies can potentially hijack the user's Twitter session or access account data until the cookies expire, making this a real credential-handling risk.

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The monitoring workflow directs the agent to persist collected tweet data to daily files but does not mention retention limits, access controls, or privacy implications. This can lead to unnecessary long-term storage of social media content, metadata, and monitoring history that may expose sensitive research targets or user activity if the local system is compromised or shared.

VirusTotal

No VirusTotal findings

View on VirusTotal