Twitter Article Reader

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only Twitter/X reader that openly routes user-provided links through jina.ai, with the main privacy consideration being that the link is sent to that external service.

Install only if you are comfortable having the Twitter/X link fetched through jina.ai. Avoid using it for private, restricted, or sensitive URLs; the artifacts show no hidden code, credential use, persistence, or local data access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to send user-provided Twitter/X URLs to the external service r.jina.ai, but it does not warn users that their requested link and associated fetch request will be disclosed to a third party. This creates a privacy and trust risk, especially when users submit sensitive, private, or identifying links under the assumption the agent is fetching them directly.

VirusTotal

66/66 vendors flagged this skill as clean.
