Back to skill

Security audit

Tweet Ideas Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed tweet-idea generation skill that may fetch user-provided URLs and save a local markdown output file, both of which fit its stated purpose.

Install this if you are comfortable with the assistant fetching URLs you provide and saving generated tweet ideas locally. Avoid supplying sensitive private material unless you are comfortable with derived content being written under the tweet-ideas folder, and review any persuasive or hyperbolic statements before posting them publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill directs the agent to create a local file automatically without explicit user confirmation or warning. While the target path appears constrained and low risk, silent filesystem writes can surprise users, overwrite prior outputs if naming collides, or normalize unsafe agent behavior around modifying local state without consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.