Social Media Assistant (via postsyncer.com)

Security checks across malware telemetry and agentic risk

Overview

This is a documented PostSyncer social media integration with powerful but disclosed posting, deletion, analytics, and public X/Twitter analysis features.

Install only if you trust PostSyncer with your connected social accounts and API token. Use the narrowest token abilities needed, review posts before publishing, prefer drafts for new automations, and require explicit confirmation before deleting posts, media, folders, comments, labels, or connected accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 88% confidence
Finding
The skill’s stated scope is managing a user’s connected social accounts, but it also advertises a capability to fetch and analyze arbitrary public X/Twitter URLs. That creates a scope expansion from account management into general-purpose public content surveillance, which can be abused to gather or process third-party data unrelated to the user’s managed assets.

Description-Behavior Mismatch

Medium, 91% confidence
Finding
The documentation says accounts must be pre-connected in PostSyncer, but this endpoint explicitly works on any public X/Twitter post and does not require account ownership or platform connection. That mismatch can mislead operators and downstream agents into thinking the skill is confined to first-party managed content when it is not.

Context-Inappropriate Capability

Medium, 90% confidence
Finding
An AI-powered endpoint that fetches public threads, loads replies, and answers arbitrary questions materially broadens the skill beyond posting and account management. In an agent setting, this creates a data exfiltration and surveillance primitive that could be repurposed for mass public-content analysis without clear necessity to the advertised purpose.

VirusTotal

65/65 vendors flagged this skill as clean.
