Social Media Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is meant for X/Twitter automation, but it can post and schedule future public account actions without clear approval, account-boundary, or disable instructions.

Review before installing. Use only with a dedicated X account or browser profile, require manual approval for every post or engagement action, and do not enable cron schedules unless you have a clear content policy and know how to disable them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger description is very broad and includes common terms like tweets, social media strategy, engagement, content calendars, and growing a following, which could cause the skill to activate for many ordinary requests. In this skill, unintended activation is more dangerous because it is capable of autonomous posting, browser automation, and scheduling recurring actions against a real social media account.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill describes direct browser-driven posting steps but does not present a clear upfront warning that it can autonomously publish content and schedule future account actions. That omission is high risk here because the skill explicitly supports cron-based autonomous posting and engagement, so a user may invoke it without understanding that real account actions can occur immediately or persist over time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal