Security audit

Video pusher

Security checks across malware telemetry and agentic risk

Overview

This skill matches its social-media publishing purpose, but it needs review because it stores reusable login sessions and uses under-disclosed browser automation on real accounts.

Install only if you are comfortable giving this skill reusable browser sessions for your social-media accounts. Use dedicated accounts if possible, check the exact file, caption, target platform, and account group before clicking the final publish/share button, and remove profile/session directories when retiring an account. Be aware that the scripts try to hide automation indicators from websites and automatically delete Chromium lock files, which can create account-policy or profile-corruption risk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The skill states globally that scripts will not automatically submit and that the user must manually click the final publish button, but the Instagram section says the script auto-clicks through workflow steps. This inconsistency can mislead users about the degree of automation and may cause unintended progress in a live posting flow, increasing the risk of accidental publication or actions taken without informed consent.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger description is broad enough to activate on generic account-management requests, which can cause the skill to run in situations the user did not specifically intend for this multi-platform publishing workflow. In this skill, activation can lead to state-changing operations such as login, session removal, or account-group deletion, so ambiguous routing increases the chance of unintended access or destructive actions.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The documentation exposes deletion operations for account groups and platform sessions without explicitly warning that local profiles and saved sessions will be removed. In this context, those deletions affect persistent browser session data under the profile directory, so a user or agent could erase login state and local account data without understanding the consequence.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger condition is broadly defined as any user request to publish a video to Douyin, without additional confirmation gates, eligibility checks, or clearer scoping. In a skill that can perform real account actions and upload user-supplied media, overly broad activation increases the chance of unintended execution, misuse in the wrong context, or accidental posting workflows being initiated for the wrong account/group.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger condition is broad enough that ordinary requests about posting to WeChat Channels could activate this skill without strong confirmation of user intent, causing unintended automation in a sensitive publishing workflow. Because the skill uploads media and fills publication fields for a real account, accidental invocation could lead to privacy leaks, posting mistakes, or actions on the wrong account before the user notices.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The script unconditionally deletes Chromium profile lock files before launching a persistent browser context. If another browser instance is still using that profile, removing these locks can corrupt the session state, bypass expected safety checks, or interfere with other local processes using the same account profile. In this skill's context, the profile contains authenticated social-media session data, which makes unsafe profile manipulation more sensitive than a generic usability bug.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger condition is broad enough that ordinary user requests to post on Threads may automatically invoke this skill without strong confirmation of user intent, account selection, or content review context. Because the skill can prepare a real post in a logged-in browser session, accidental invocation could lead to unintended publication attempts or disclosure of media/content to the wrong account.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger condition '当用户要求发布内容到小红书时触发' is broad enough that many ordinary requests about Xiaohongshu posting could activate the skill without sufficiently confirming the user's intent, target account group, or readiness to publish. In a skill that performs browser automation for content upload, overly loose activation increases the chance of unintended posting actions, accidental account misuse, or social-media operations being initiated from ambiguous prompts.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.