Back to skill

Security audit

auto-content-creator

Security checks across malware telemetry and agentic risk

Overview

This is a local social-media draft generator with no evidence of hidden credential access, network activity, autonomous posting, or destructive behavior.

Safe to consider installing for draft generation. Review generated promotional claims before publishing, avoid putting sensitive source material into drafts unless local saved copies are acceptable, and run the included script or a verified CLI rather than an unrelated auto-content command that may already exist on your system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are very broad, including generic terms like '生成内容', 'content', and 'create post', which can cause the skill to activate on ordinary user requests unintentionally. Over-broad invocation increases the chance that the skill intercepts unrelated prompts, producing unexpected behavior or routing user data into the wrong workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.