Security audit

Short Drama Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is openly for automated Facebook video posting, but it relies on exported account cookies and can run unattended without enough user-control safeguards.

Review carefully before installing. Do not export Facebook or MoboBoost cookies unless you trust the complete implementation, keep cookie files out of source control, inspect or provide the missing scripts yourself, add a manual approval step before every post, and avoid enabling the cron job until you are comfortable with unattended publishing and content-rights risk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Using ambiguous activation terms without context constraints increases the chance that normal conversation about MoboBoost or video publishing will match the skill. Because this skill performs automated media processing and posting using exported browser cookies, accidental activation has higher-than-normal risk and could trigger sensitive external actions.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Using ambiguous activation terms without context constraints increases the chance that normal conversation about MoboBoost or video publishing will match the skill. Because this skill performs automated media processing and posting using exported browser cookies, accidental activation has higher-than-normal risk and could trigger sensitive external actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal