Security audit

FakeX-Till-YouAI

Security checks across malware telemetry and agentic risk

Overview

This skill transparently creates and optionally schedules X posts, but users should handle X credentials carefully if enabling automatic posting.

Install only if you want a digest-to-X posting workflow. Use half automatic mode if you do not want the agent to have posting authority. If enabling full automatic mode, use least-privileged or dedicated X credentials where possible, avoid pasting secrets into shared chats or logs, review any local posting scripts before running them, and confirm final post text and scheduled times before publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README promotes fully automatic posting to X using user-supplied API credentials, but it does not clearly warn about account-impact, privacy, spam/reputation, or unintended-posting risks. In an agent skill that can generate and schedule content, users may underestimate the consequences of granting posting access, especially if drafts are based on upstream digest content and automated workflows.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to collect raw X API credentials in natural-language onboarding, but does not warn the user about the sensitivity of those secrets or direct them to a safer secret-entry mechanism. This creates a credible path for secrets to be exposed in chat logs, agent memory, telemetry, or accidental file persistence.

Missing User Warnings

Medium
Confidence: 93%
Finding
The configuration guidance normalizes local persistence of posting configuration and credential-related state without any warning about disk exposure, permissions, or secret segregation. In a skill that handles social-media API credentials, storing related sensitive material in a plain JSON file can lead to theft via local compromise, backups, or other tools reading the file.

Ssd 3

Medium
Confidence: 97%
Finding
The onboarding flow instructs the agent to request highly sensitive X API credentials directly from the user, creating a natural-language secret handling channel. This is dangerous because conversational collection of raw secrets is easy to mishandle, log, echo back, or persist, especially in an agent framework that may retain transcripts or state.

Ssd 3

Medium
Confidence: 90%
Finding
Although the text refers to storing credential presence/state rather than the credential values themselves, it still institutionalizes ongoing secret-associated state in local configuration without clear boundaries. In this context, such guidance increases the chance that implementers will store actual secrets or other sensitive metadata in the same file and treat it as routine.

VirusTotal

66/66 vendors flagged this skill as clean.