Back to skill

Security audit

Get X Articles

Security checks across malware telemetry and agentic risk

Overview

This is a broad X/Twitter automation skill with real account powers, but the artifacts disclose those powers and require user confirmation for sensitive actions.

Install only if you trust Xquik with the connected X account and the API key. Use a scoped key stored as a secret, review every prompt before posts, DMs, follows, deletes, profile changes, webhooks, monitors, extractions, or paid actions, and avoid bulk collection or export unless you have a clear lawful and privacy-conscious reason.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The Radar section exposes a general-purpose cross-platform trend/news aggregation feature spanning non-X sources like Google Trends, Hacker News, Reddit, GitHub, and Wikipedia. That materially expands the skill beyond its stated X/Twitter interaction scope, increasing the chance an agent will use it as a broad web intelligence source without user awareness or least-privilege justification.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description explicitly says to use this skill even for broad requests like 'social media automation' or follower analysis, which can cause over-selection for tasks that may not actually require X/Twitter access. Overly broad routing increases the chance that a high-privilege skill with write, DM, monitoring, and billing capabilities is invoked unnecessarily, expanding exposure to accidental destructive actions or privacy-sensitive reads.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The write-action section contains many state-changing operations—posting tweets, DMs, likes, follows, profile edits, media uploads, and community actions—but lacks a consistent global requirement to obtain explicit user confirmation before execution. In an agent context, that creates a real risk of unintended account modification, social actions, or irreversible public posting triggered by ambiguous prompts or prompt-injection chains.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This documentation explicitly enables bulk extraction, pagination, enrichment, and export of large volumes of X user and tweet data, but provides no privacy, consent, retention, or acceptable-use guidance. In a skill designed for automation and scraping across 111 endpoints, that omission increases the likelihood of misuse for mass profiling, surveillance, or unauthorized data handling at scale.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Several setup examples show plaintext API keys embedded directly in local config files (for Claude Code and similar tools), and the nearby warning about using environment variables is not consistently repeated alongside each snippet. This can normalize insecure credential handling, increasing the chance that users store secrets in project files, backups, screenshots, or version control where they may be exposed.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The reference prominently documents high-impact write, messaging, monitoring, and billing endpoints without requiring confirmation, warning about side effects, or distinguishing destructive/account-affecting actions from read-only ones. In an agent skill, this increases the chance an LLM will invoke posting, following, DM, subscription, or credit top-up operations from ambiguous prompts, causing unauthorized actions or financial impact.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The workflow shows an API key embedded directly in source code and does not warn readers to store credentials in environment variables or secret managers. In a skill designed for broad integration and automation, this encourages insecure copy-paste practices that can lead to credential leakage through repositories, logs, screenshots, or prompt history.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The endpoint guide documents access to sensitive account data such as bookmarks, notifications, home timeline, and DM history without any privacy, consent, or data-handling warning. In a Twitter/X scraping and automation skill, this materially increases misuse risk because these endpoints expose private user content and could be invoked in contexts where the operator lacks authorization or proper retention controls.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.