AIsa Twitter Command Center

Security checks across malware telemetry and agentic risk

Overview

The skill’s Twitter/X relay purpose is coherent, but the reported CLI output exposes the AISA API key during OAuth/status flows, which users should review before installing.

Install only if you trust the AIsa relay and are comfortable with Twitter/X posting authority. Before use, review or patch the OAuth client so it redacts AISA_API_KEY and avoids printing raw OAuth relay responses; rotate the key if it has already appeared in logs or transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 81%
Finding:
The skill declares required environment variables and explicitly states that it performs network calls, but it does not declare explicit permissions for those capabilities. This creates a transparency and governance gap: users or orchestrators may invoke a networked skill with access to secrets without clear permission signaling, increasing the chance of unintended secret exposure or unsafe execution in permission-aware platforms.

Context-Inappropriate Capability

High
Confidence: 99%
Finding:
The client includes the raw AISA API key in JSON output from posting and status-related flows, which exposes a bearer credential to any user, log collector, shell history capture, or downstream tool consuming stdout. Because this key authorizes relay operations, disclosure can enable unauthorized use of the AIsa service and potentially unauthorized Twitter actions through the relay.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding:
The authorize command prints the full raw relay response, which may contain sensitive OAuth state, session identifiers, or other relay-issued tokens not needed by the end user. Exposing these values on stdout increases the chance of credential leakage through terminal logs, agent transcripts, CI output, or copied command results.

Missing User Warnings

High
Confidence: 99%
Finding:
User-visible CLI JSON includes the AISA API key without masking or warning, directly disclosing a reusable secret. In an agent skill context, stdout is often captured in transcripts or passed to other components, making accidental secret propagation especially likely and more dangerous than a local-only script.

Missing User Warnings

High
Confidence: 99%
Finding:
The authorization output explicitly includes the AISA API key in the printed JSON, disclosing a bearer credential during a sensitive OAuth-related flow. This combines credential exposure with an auth workflow, increasing the chance that copied output or logs provide everything needed for unauthorized relay access.

VirusTotal

66/66 vendors flagged this skill as clean.
