agent-Postmoore

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can publish or delete social media content and persist a live posting key with limited built-in safeguards.

Install only if you trust Postmoore and want an agent to manage real social accounts. Prefer an uncommitted environment variable or secret manager over the setup command, use drafts by default, and require your agent to show the final post, target accounts, media, schedule, and delete target before taking action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium, 88% confidence
The skill is explicitly designed to publish content autonomously to external social platforms, including immediate posting via `schedule: { "type": "now" }`, but the description does not prominently warn that actions can cause irreversible public publication. In an agent setting, this increases the risk of unintended external actions, reputational harm, and accidental posting without informed user consent.

Missing User Warnings

Medium, 84% confidence
The setup instructions tell users to place a live production API key in `.env` without any caution about secret handling, scope, rotation, or avoiding exposure in shared workspaces. While storing secrets in environment variables is common, omitting credential-safety guidance in an autonomous posting skill increases the chance of leakage or misuse of a key that can perform real external actions.

Missing User Warnings

Medium, 91% confidence
The setup command stores a live API key in plaintext on disk under a predictable path without any warning, permission hardening, or safer storage option. In an agent context, this increases the chance of credential exposure through local compromise, overly broad filesystem access, backups, logs, or later unintended exfiltration by other tools.

Missing User Warnings

Medium, 87% confidence
The delete command performs an irreversible remote action immediately based on a supplied post ID, with no confirmation, dry-run option, or friction. In an autonomous agent setting, this raises the risk of accidental or prompt-induced destructive actions that could remove scheduled or published content across linked social accounts.

VirusTotal

53/53 vendors flagged this skill as clean.
