Boring Threads Publisher
Security checks across malware telemetry and agentic risk
Overview
This Threads publishing skill is coherent and transparent about credentials, but it can publish publicly without an explicit confirmation step in the skill instructions.
Install only if you are comfortable giving Boring connector access to publish to your Threads account. Configure or operate it so drafting requests do not publish automatically, choose the target account explicitly, and require a final confirmation before any post, reply, upload, or scheduled post is sent.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
51/51 vendors flagged this skill as clean.