Security audit

test

Security checks across malware telemetry and agentic risk

Overview

This skill is openly a social-media growth tool, but it tells the agent to post publicly and schedule future runs without asking first.

Install only if you are comfortable giving an agent credentials that can publish to connected TikTok and Instagram accounts. Use draft or preview mode, manually approve every post and schedule, limit the target accounts and credentials, and avoid running it against websites or analytics data you are not authorized to process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium severity, 95% confidence
The skill is presented as a specialized carousel-growth agent, but the instructions grant it broad autonomous powers: website research, content generation, image generation, quality verification, publishing, and future scheduling. This scope expansion is dangerous because it can cause real external actions and persistent automation beyond what a user may reasonably expect from the metadata alone.

Context-Inappropriate Capability

Medium severity, 91% confidence
The self-scheduling behavior introduces persistence and repeated autonomous execution, which materially increases risk compared with a one-shot content-generation skill. Because it reads prior learnings and schedules future runs automatically, it can continue posting or consuming resources without a fresh user decision each time.

Missing User Warnings

Medium severity, 95% confidence
The skill explicitly frames itself as a fully autonomous system that publishes content publicly to TikTok and Instagram every day, with no mention of user approval, dry-run mode, scope limits, or confirmation before posting. That creates a real risk of unauthorized public actions, reputational damage, platform-policy violations, and unintended use of account credentials if the agent misfires or is pointed at the wrong target.

Missing User Warnings

Medium severity, 89% confidence
The skill describes automated website scraping with Playwright and ongoing collection of profile and per-post analytics, but provides no privacy, consent, retention, or compliance guidance. Even if the data is often business-related, this can still capture personal data, session-dependent content, or sensitive information from websites and social analytics, creating privacy and legal exposure.

Missing User Warnings

Medium severity, 95% confidence
The identity text explicitly says the skill 'autonomously generates viral carousels from any URL and publishes them to feed' but provides no warning, guardrails, or disclosure about autonomous external posting. This is dangerous because it normalizes unattended content publication from untrusted inputs, increasing the risk of spam, reputational harm, policy violations, and accidental publication of unsafe or misleading content.

Vague Triggers

Medium severity, 93% confidence
The activation text is overly broad because it allows invocation by merely referencing the agent by name or specialty, which can cause the skill to trigger in contexts the user did not clearly intend. In a skill that is designed to operate autonomously and publish content, ambiguous activation increases the risk of unintended high-impact actions being initiated from casual mention or indirect prompting.

Missing User Warnings

High severity, 97% confidence
The skill explicitly describes autonomous research, generation, verification, publishing, analytics retrieval, and persistence in `learnings.json` without any visible warning, approval gate, or scope limitation. In this context, the danger is elevated because the skill is a social-media automation agent capable of external actions and long-lived data accumulation, which can lead to unauthorized posting, privacy issues, account misuse, and hard-to-audit behavior.

Missing User Warnings

High severity, 98% confidence
The skill directs the agent to publish content and schedule timing autonomously while only notifying the user after the fact. This is dangerous because posting to external platforms is a high-impact side effect that can create brand, legal, reputational, and account-security consequences if the generated content is wrong, noncompliant, or unauthorized.

VirusTotal

65/65 vendors flagged this skill as clean.