ClawHub

twitter-aisa-api

Security checks across malware telemetry and agentic risk

Overview

The skill’s Twitter/X relay purpose is disclosed, but its posting and authorization commands can print the raw AISA API key into normal output.

Install only if you trust the AISA relay with Twitter/X OAuth, post content, media files, and your AISA API key. Treat command output from authorize and post as sensitive until the key-printing behavior is fixed, and review exact post text, account, reply/quote target, and attachments before allowing publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The client includes the raw AISA API key in user-visible JSON returned by posting/status-related flows. This unnecessarily discloses a bearer credential that may be captured by terminal history, logs, CI job output, shell wrappers, or screenshots, enabling unauthorized use of the relay service.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The authorization command prints the raw API key in the JSON output alongside the authorization URL. Because the key is a bearer secret, any party with access to console output, logs, transcripts, or copied command results can reuse it to call the relay API.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Post results include the raw API key in normal command output, which leaks credentials during routine operation rather than only exceptional debugging. In agent or automation contexts, stdout is commonly persisted, forwarded, or monitored, increasing the chance of credential compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal