Skill v0.1.0
ClawScan security
TwitterApi Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 25, 2026, 9:04 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is broadly what it claims (a Twitter/X research CLI using twitterapi.io), but the bundle metadata omits that it requires a twitterapi.io API key, and the runtime instructions ask you to source a global env file (which can expose unrelated secrets), so the package and its manifest are inconsistent and deserve caution before installing.
- Guidance: Do not install blindly. The code requires a twitterapi.io API key (TWITTERAPI_IO_KEY) even though the registry metadata doesn't declare it—that mismatch is a red flag. Before installing:
  1. Verify the skill source (review the GitHub repo or author) and confirm you trust twitterapi.io.
  2. Avoid 'sourcing' a global env file that may contain many other secrets; prefer storing the TWITTERAPI_IO_KEY in a dedicated secret store or an agent-specific environment variable.
  3. Be aware that agent session logs or tooling may record HTTP headers/commands (the README warns your API key could appear in logs), and rotate the key if you suspect exposure.
  4. Note that this tool writes caches, a watchlist and saved drafts to your home directory; review those paths if privacy matters.
  5. Ensure Bun is acceptable in your environment.
  If the author can update the registry metadata to declare TWITTERAPI_IO_KEY (and any other required vars) and remove guidance to source a global env containing unrelated secrets, the inconsistency would be resolved and this would look far more benign.
Review Dimensions
- Purpose & Capability (concern): The code and SKILL.md clearly require a TWITTERAPI_IO_KEY and Bun to run, which is coherent with a twitterapi.io-based research tool — but the registry metadata lists no required environment variables or primary credential. That mismatch (manifest says 'none' while runtime code insists on an API key) is a material inconsistency.
- Instruction Scope (concern): SKILL.md and README instruct the user/agent to 'source ~/.config/env/global.env', and the code will read that file to extract TWITTERAPI_IO_KEY. Sourcing a global env file can expose many unrelated environment variables to the shell/agent session and agent logs. Apart from that, the instructions stick to search/profile/thread workflows and fetching linked web resources (web_fetch), which is expected for research, but the explicit guidance to source a global env file expands the skill's read scope beyond only the Twitter key.
- Install Mechanism (ok): No remote install/downloads or obscure URLs are used; this skill is provided as source files and is run with Bun per the README. There is no install spec that would fetch arbitrary code at runtime. The only external dependency is the third-party API (twitterapi.io), which is expected for this purpose.
- Credentials (concern): The runtime requires TWITTERAPI_IO_KEY (read from env or ~/.config/env/global.env), but the registry metadata does not declare this or any primary credential. The skill also accesses HOME paths (writes drafts to ~/clawd/drafts and a watchlist under the skill data directory). Requesting a single API key is proportionate to the stated purpose, but the manifest omission and the instruction to source a global env file (potentially exposing other secrets) are disproportionate and risky.
- Persistence & Privilege (ok): The skill does local, expected file writes (cache, data/watchlist.json, and optional saved drafts) within its own skill directory and a drafts directory under the user's home. It does not request always:true, nor does it appear to modify other skills or system-wide configs. No elevated persistence is requested.
