Larry Marketing

Security checks across malware telemetry and agentic risk

Overview

This marketing automation skill is mostly purpose-aligned, but it needs review because it can post to connected social accounts, persist business data and secrets locally, create recurring jobs, and includes platform-detection evasion guidance.

Install only if you are comfortable giving an agent posting authority over connected social accounts and sending marketing assets, captions, account metadata, analytics, and optional revenue data to third-party services. Use least-privilege API keys, keep config files out of source control, review every post before publishing, avoid the detection-evasion warmup guidance, and only enable the daily cron if you know how to disable it and manage the stored reports and snapshots.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (12)

Context-Inappropriate Capability

Medium

Confidence: 79% confidence
Finding: The skill instructs the agent to research and install dependencies and a separate RevenueCat skill, which expands execution scope beyond simple marketing automation into host modification and toolchain extension. This creates supply-chain and privilege risks because the agent is encouraged to fetch and install code based on dynamic research rather than a pinned, audited setup.

Context-Inappropriate Capability

Medium

Confidence: 85% confidence
Finding: The skill directs the agent to set up a recurring cron job on the host, which creates persistent automated execution. Persistence is security-sensitive because it can continue making network calls, processing sensitive business data, or running after the user forgets it was installed.

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The documentation tells the agent/user to run OS package-manager commands, including sudo-based installs, to satisfy node-canvas dependencies. This is dangerous because it normalizes privileged host modification from within a skill and increases the blast radius if the instructions, dependencies, or environment are compromised.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README describes browser-based competitor research, AI image generation, multi-platform posting, analytics collection, and optional RevenueCat conversion tracking, but it does not clearly warn users that their content, account metadata, and performance data will be transmitted to multiple third-party services. In a marketing automation skill, this omission matters because users may supply proprietary marketing assets, social account access, and business analytics without informed consent about external data flows.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill instructs storing live API keys, including Upload-Post and RevenueCat secrets, directly in JSON config files. Plaintext secret storage materially increases the risk of credential leakage through source control, backups, logs, screenshots, workspace sharing, or other local compromise.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The page promotes automated multi-platform posting, analytics tracking, and optimization loops without warning users about account-level actions, third-party API use, or data handling implications. In an agent-skill context, omission of these disclosures can cause users to authorize broad actions they do not fully understand, increasing the risk of unintended posting, policy violations, or privacy exposure.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The Quick Start instructs users to install and initialize an agent that will perform competitor research, generate media, publish across platforms, and run analytics-driven optimization, but it provides no safety notice or gating step. This is dangerous because users may deploy account-affecting automation immediately, without understanding permissions, review requirements, or the consequences of autonomous posting.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation tells users to place a RevenueCat secret API key directly in a local config file and explicitly emphasizes using the secret key, but it does not warn about secure storage, access controls, or avoiding committing secrets to source control. In an automation skill that may be run by agents, scripts, or shared repositories, this increases the chance of credential leakage and unauthorized access to subscription/customer data.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The recommended workflow stores RevenueCat webhook events in a local JSON file without any privacy, retention, or access-control guidance. Even if the sample event is minimal, webhook payloads can contain customer and subscription metadata, so logging them locally in an ad hoc file can expose sensitive business and user data to other processes, backups, or accidental commits.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The script fetches RevenueCat overview and transaction data and persists a local snapshot containing that data to disk. Even though this supports reporting, transaction and revenue data can be sensitive business telemetry, and storing it unencrypted without an explicit disclosure, minimization, or retention control increases the chance of local data exposure through other users, backups, logs, or repository commits.

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The script writes platform analytics, hook performance, and generated reports to local JSON/Markdown files under the config directory without any clear disclosure or safeguards. In a marketing automation context this is likely intentional for reporting, but it still creates a privacy and operational risk because post metadata, URLs, captions, and performance history may be exposed to other local users or accidentally committed/shared.

Ssd 4

Medium

Confidence: 90% confidence
Finding: The account 'warmup' guidance is explicitly framed as a way to make automated marketing look human and avoid bot detection. That is evasion behavior aimed at defeating platform trust and safety controls, which raises abuse risk and signals adversarial intent within the skill content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal