Social Trend Report

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it combines sensitive Twitter/X cookies, scheduled reporting, possible Discord sharing, and an unsafe helper script that users should review before installing.

Install only if you are comfortable reviewing or fixing scripts/collect.sh before running it. Use a dedicated low-privilege Twitter/X account for AUTH_TOKEN and CT0, verify or pin the bird CLI dependency, keep config.json in a trusted workspace, and enable cron or Discord announcements only after confirming the exact report directory, destination channel, and disable path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes shell commands (`bird search`, `openclaw cron add`) and writes output files (`Save to reports/`) but does not declare permissions or boundaries for those capabilities. In an agent setting, undeclared shell and file-write behavior increases the chance of unexpected execution, persistence, or filesystem modification without informed user consent.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill instructs use of Twitter/X auth cookies from environment variables, which are sensitive session credentials rather than scoped API tokens. Encouraging agents to rely on ambient credentials expands access beyond the immediate task and raises the risk of credential misuse, leakage in logs, or unintended actions against the linked social account.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match many ordinary requests such as 'weekly report', 'content research', or 'analysis', causing the skill to activate in contexts where the user did not intend shell execution, web collection, or external posting. Over-broad auto-invocation increases the chance of surprising behavior and unauthorized data access/actions in an agent environment.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The cron example instructs the agent to save reports and 'announce in Discord' without an explicit warning or consent checkpoint for external publication. This creates a real risk of unreviewed content being posted to third-party channels, potentially disclosing sensitive business information, inaccurate analysis, or data the user did not approve for sharing.

VirusTotal

65/65 vendors flagged this skill as clean.
