Back to skill

Security audit

Maxhub Twitter

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only Twitter/X data lookup integration that sends user queries to MaxHub and needs normal privacy caution.

Install only if you are comfortable sending Twitter/X handles, tweet IDs, links, search terms, and returned public social data to MaxHub at https://www.aconfig.cn. Use a dedicated API key, do not provide production cookies or session tokens, avoid storing or republishing personal/social-graph data unnecessarily, and confirm ambiguous requests before running broad chained lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to send authenticated requests containing Twitter/X query parameters and identifiers to a third-party service at aconfig.cn, but the documentation does not require any user-facing disclosure or consent before external transmission. This creates a privacy and data-governance risk because user-supplied handles, tweet links, search keywords, and derived social graph data may be transmitted off-platform without the user clearly understanding where their data is going.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Several trigger phrases are short and semantically broad, such as requests equivalent to 'look at comments' or 'find user', which can plausibly match ordinary conversation and invoke a recipe the user did not clearly intend. In this skill context, unintended invocation can cause extra social-data lookups and broaden collection of user-generated content or profile data without sufficiently explicit user consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The chain-graph guidance explicitly tells the agent to continue into downstream recipes and pass output fields directly, '无需问用户重复输入', which can normalize silent multi-step expansion beyond the user’s original request. In a social-data skill, this increases the risk of over-collection by moving from one tweet or profile into comments, related users, or social-graph data without a fresh user checkpoint.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases for the 'tweet_with_comments' recipe are broad and can match generic requests like '看评论' without clearly requiring tweet context. In an agent environment, this can cause unintended recipe invocation, unnecessary external API calls, and retrieval of public social data the user may not have explicitly intended to access.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Phrases like '最新评论' and '最近的评论' are underspecified and may be interpreted outside the tweet domain. This can lead the agent to invoke a Twitter-data workflow for ordinary conversational requests, causing over-collection of third-party UGC and unintended external lookups.

Vague Triggers

Low
Confidence
75% confidence
Finding
The retweeter-related phrases are somewhat ambiguous and may activate on informal wording about sharing or reposting. Although the data is public-facing, accidental invocation can still expose social graph information and produce unnecessary API activity.

Vague Triggers

Low
Confidence
76% confidence
Finding
The search-to-detail recipe can trigger on broad phrases like '搜推文' or '搜到后看详情' without enough boundary conditions. This can cause automatic chaining from search to detail retrieval even when the user may only want a search result summary, increasing data access beyond least-necessary scope.

Vague Triggers

Low
Confidence
74% confidence
Finding
The 'search_to_author' trigger overlaps with generic requests to view an author or profile, making it easy for the wrong recipe to run. This may chain from content search to profile lookup without sufficiently explicit user intent, broadening collection of personal social profile data.

Vague Triggers

Low
Confidence
70% confidence
Finding
The trending-search recipe uses vague activation phrases that can overlap with general discussion of trending topics. This can prompt automatic external searches based on trend data when a user may only want to ask about trends conceptually, causing unnecessary API calls and data retrieval.

Vague Triggers

Low
Confidence
73% confidence
Finding
Author-related phrases such as '谁发的' or '看作者' are broad and may collide with ordinary conversational references to authorship. In this skill, that ambiguity can cause unintended lookup of a Twitter author profile, expanding access to social account metadata without clear necessity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents endpoints for fetching user profiles, posts, replies, followers, and followings, which clearly involve personal/profile and social-graph data, but it does not present a prominent user-facing warning about privacy sensitivity and appropriate handling. This increases the risk that an agent or operator will over-collect, over-share, or process personal data without informed consent or adequate minimization, especially when chaining follower/following and profile lookups.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.