Back to skill

Security audit

Get Tweet Metrics

Security checks across malware telemetry and agentic risk

Overview

This is a powerful but disclosed X/Twitter integration; its risks are mostly expected for its stated purpose and guarded by top-level confirmation rules.

Install only if you trust Xquik with the X account and data you plan to use. Use a scoped, revocable API key, avoid committing config files containing keys, and require fresh confirmation before posts, DMs, follows, deletes, profile edits, billing/top-ups, private-data reads, webhooks, and bulk exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation description is unusually broad and explicitly instructs use for generic 'social media automation,' 'tweet analytics,' and follower analysis, which can cause the skill to be selected in contexts broader than narrowly scoped X/Twitter operations. Over-broad auto-selection increases the chance that a high-privilege skill with read/write and private-data capabilities is invoked when a less sensitive tool or no tool should be used.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The bookmark-folder endpoint accesses private user data, yet unlike nearby sensitive endpoints it lacks an explicit requirement to confirm with the user before retrieval. In an agent setting, that omission can lead to silent collection of private organizational data that the user may not realize is being exposed.

Missing User Warnings

High
Confidence
98% confidence
Finding
Sending a DM is an outward-facing action performed on the user's connected account, but the documentation provides no warning or explicit confirmation requirement. That makes unauthorized impersonation, spam, harassment, or accidental disclosure much more likely when an autonomous or overly-permissive agent is using the skill.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Profile updates change the user's public identity and can alter name, bio, location, or URL, yet the docs do not require warning or confirmation. In an agent context this enables accidental or unauthorized reputational changes, impersonation cues, or insertion of malicious links into the user's public profile.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Avatar changes are public and highly visible account modifications, but the API description lacks a user-warning or confirmation requirement. An agent could therefore alter branding or identity with a single call, causing reputational damage and confusion even if the change is later reversible.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Banner updates are another public-facing profile modification without confirmation guidance. This creates risk of unauthorized branding changes, offensive imagery uploads, or misleading public presentation of the user's account.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Creating a community is a public account action that can create new public-facing assets and social presence, yet the documentation omits a warning or confirmation step. In a social-media automation skill, this increases the chance of unauthorized or accidental public actions taken in the user's name.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Tweet deletion is destructive and potentially irreversible from the user's perspective, but the docs do not require explicit confirmation. An agent could remove content, evidence, announcements, or monetizable posts on behalf of the user without a strong intent check.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This documentation explicitly enables bulk extraction, enrichment, export, and search of X/Twitter user and tweet data at scale, including followers, likers, participants, list members, and exports in multiple formats, but provides no privacy, consent, rate-limiting, anti-abuse, or acceptable-use guidance. In the context of a social-media automation/scraping skill, that omission increases the risk of doxxing, profiling, mass surveillance, spam targeting, and other abusive data-harvesting workflows by making high-volume collection appear unrestricted and routine.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document repeatedly shows API keys embedded directly in JSON, TOML, and Python examples such as `xq_YOUR_KEY_HERE`, which normalizes storing secrets in plaintext config files. Although the file includes one general warning near the top, the per-platform examples do not consistently steer users toward environment-variable interpolation or secret stores, increasing the risk of accidental credential exposure via source control, screenshots, backups, or shared workstation profiles.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The reference prominently exposes write-capable and privacy-sensitive operations such as posting tweets, following users, sending DMs, uploading media, and reading notifications/history without requiring explicit confirmation or warning language. In an agent setting, this increases the risk of unintended account actions, privacy violations, or social-engineering-driven misuse because the skill normalizes destructive and sensitive calls as routine options.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The workflow encourages registering webhooks to arbitrary external URLs and exporting bulk extraction results, but it provides no warning that these actions may transmit sensitive account data, DMs, or large scraped datasets outside the trusted environment. In an agent skill context, omission of consent, destination validation, and data-handling guidance increases the risk of unintended exfiltration or privacy violations.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.