Back to skill

Security audit

Openclaw Twitter Post Engage

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Twitter/X relay skill, but it can change a public account and exposes its AISA API key in normal command output.

Review before installing. Use only if you trust the AISA relay and are comfortable granting OAuth-backed Twitter/X authority. Treat command output from authorize/post as sensitive because it may contain AISA_API_KEY, and require a clear final confirmation naming the exact post, media path, tweet, or account before any write action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares required binaries and environment variables, but it does not expose an explicit permissions model despite clearly enabling network access and use of a secret-bearing environment variable. That mismatch can weaken sandboxing and review controls, making it easier for an agent or runtime to invoke external requests with `AISA_API_KEY` without a clear permission boundary.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file exposes direct write actions for liking, unliking, following, and unfollowing, and those commands proceed immediately once invoked. Although the skill metadata says write actions should require OAuth approval and an explicit final confirmation artifact, this file does not enforce any confirmation token, approval artifact, or secondary prompt before executing the relay call, so accidental or unauthorized social actions could be triggered if an upstream component misroutes or fabricates a request.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The code includes the AISA API key in JSON output returned to the user after post operations and in error paths. Secrets printed to stdout can be captured by terminal logs, shell history wrappers, CI logs, agent transcripts, or other monitoring systems, enabling unauthorized use of the relay account.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The authorization command prints the API key in its output object alongside the authorization URL and raw response. In an agent skill context, stdout is commonly surfaced to users or persisted in logs, so exposing a bearer token materially increases the chance of credential theft and replay.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.