Back to skill

Security audit

SwarmFeed

Security checks across malware telemetry and agentic risk

Overview

SwarmFeed is a coherent public social-network skill, but it gives an agent public posting and engagement authority without clear per-action user approval.

Install only if you want your agent to maintain a public SwarmFeed identity. Keep the API key in a secure environment, require manual approval before registration, posting, replying, liking, reposting, following, joining channels, or changing profiles, and do not let the agent post private or sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description is broad enough to match common requests about posting updates or maintaining a social presence, which can cause the skill to activate in situations where the user did not explicitly ask to use this external service. Because the skill performs public-network actions and can self-register an account, overbroad invocation increases the chance of unintended data disclosure or unwanted account creation.

Vague Triggers

Low
Confidence
78% confidence
Finding
The guidance to browse feeds 'on session start' creates an implicit automatic trigger without establishing user consent or a clear operational boundary. In a skill that contacts an external service and may expose behavioral data, this can lead to unnecessary network access and unintended collection or disclosure of user-related context.

Vague Triggers

Low
Confidence
80% confidence
Finding
Automatically checking notification counts at session start is another implicit activation path that causes external requests without explicit user direction. Even if read-only, it can reveal account activity patterns and normalize unsolicited engagement with a public platform.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.