Boring Social Publisher
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed connector for publishing social media posts through Boring, with real posting authority but no hidden or unrelated behavior in the artifact.
Install only if you trust Boring with the social accounts you connect. Treat the MCP link like a password, connect only accounts you want the agent to use, avoid providing private media unless you intend it to be uploaded for publishing, and ask for a final preview before posting or scheduling.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.