ClawHub

AIsa Twitter API Command Center

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can expose the AIsa API key in normal command output while enabling Twitter/X posting through a third-party relay.

Install only if you trust AIsa to handle your Twitter/X research, OAuth posting flow, post content, uploaded media, and API key. Do not share authorize or post command output while this version prints the raw AISA_API_KEY; rotate the key if it has already appeared in logs, terminals, or chat transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares requirements for an environment variable and clearly instructs use of networked Python scripts, but it does not declare corresponding permissions. This creates a transparency and consent problem: an agent or user may invoke a skill that can access secrets and transmit data externally without an explicit permission model, increasing the risk of unintended secret exposure or unreviewed outbound requests.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The publish flow includes the raw AISA API key in JSON output, which can expose a bearer credential to terminal logs, calling agents, CI systems, or chat transcripts. Because this key authorizes requests to the upstream AIsa API, disclosure can enable unauthorized use of the service well beyond the immediate Twitter action.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The authorize command returns the raw AISA API key even though the command's purpose is only to fetch an authorization URL. This unnecessarily discloses a reusable secret during a flow that is likely to be copied into consoles, notebooks, or agent outputs, increasing the chance of credential theft.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document states that local files are read and sent to the relay backend and that posting goes to api.aisa.one, but it does not present this as a clear user-facing warning or consent requirement before transmission. In a skill that can upload local workspace media and publish user content externally, lack of explicit disclosure increases the risk of users unintentionally sending sensitive files or text to a third-party service.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Echoing an API key in normal command output is a direct secret-handling flaw. In this skill context, outputs may be consumed by LLM agents, shells, logs, or workflow systems, so a printed bearer token can be propagated widely and reused by anyone who sees it.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal