ClawHub

X/Twitter by altf1be

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it lets OpenClaw post tweets, replies, threads, and media using the user's configured X/Twitter credentials.

Install only if you want the agent to publish from the configured X/Twitter account. Protect the OAuth tokens and review the exact tweet text, thread file, media path, and reply target before allowing posting commands to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The README includes broad natural-language examples such as posting a tweet or thread without emphasizing confirmation, destination account, or that the action is live and public. In an agentic environment, overly generic invocation phrasing can cause accidental triggering from ordinary conversation and lead to unintended public posts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description says it can post tweets, threads, and media, but does not prominently warn that these are live outbound actions to a public social media account. Users or orchestrating agents may underestimate the consequence of invocation, increasing the risk of accidental publication, reputational harm, or disclosure of sensitive information.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The tweet and thread commands immediately perform live posting actions once invoked, with no dry-run, preview, or confirmation gate. In an agent or automation context, this increases the risk of accidental irreversible public posts, reputation damage, and unintended disclosure if input is misrouted or prompt-injected upstream.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal