X Twitter

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed X/Twitter account-management skill whose credential use, posting authority, media upload, and X API calls fit its stated purpose.

Install only if you want an agent to operate your X/Twitter account. Use least-privilege X app permissions, keep the credential file protected, rotate tokens if exposed, and require explicit review before posting, deleting, following, unfollowing, bookmarking, list changes, or uploading local media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest description materially understates the skill's capabilities. It advertises posting, replying, searching, liking, retweeting, and analytics, but the body also supports delete, follow/unfollow, bookmarks, list management, and media upload, which can change a user's account state and access local files. This weakens informed consent and can cause an agent or user to approve broader-risk behavior than the metadata suggests.

Scope Creep

Medium
Confidence: 94%
Finding
The skill reads arbitrary local image files for media upload, but the manifest only discloses credential-file access. Undeclared filesystem access increases the chance that an agent could be induced to read sensitive local files or user-selected paths and transmit their contents to Twitter infrastructure under the guise of media upload.

VirusTotal

66/66 vendors flagged this skill as clean.
