Social media autopilot

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it can publish live social media posts and can send the API key to a user-specified API host, so it should be reviewed before installation.

Install only if you intend to let this skill operate SocialEcho accounts. Use a least-privilege team API key, prefer the default SocialEcho API host, avoid non-HTTPS or untrusted --base-url values, and require human review before running publish-article payloads that set status to 1.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The /v1/publish/article endpoint performs a real-world state-changing action—publishing or scheduling social media posts—using only bearer authentication, yet the spec provides no safety disclosure, confirmation requirement, or guardrails for high-impact operations. In an agent context, this is dangerous because an LLM-driven workflow could trigger unintended posting, reputational damage, spam, or policy violations across linked social accounts.

VirusTotal

66/66 vendors flagged this skill as clean.
