v1.0.0

Falcon

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

Falcon is coherent as a Twitter/X integration, but it deserves review because its write actions require a full Twitter auth cookie and can perform public account actions through a third-party API without a technical confirmation gate.

Guidance

Use Falcon for read-only Twitter/X lookups, with only TWEXAPI_KEY set, unless you are comfortable trusting both TwexAPI and this script with your Twitter auth cookie. Do not set TWITTER_COOKIE unless you need posting or engagement; require explicit approval for every write action; and consider using a separate account or rotating the cookie afterward.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
falcon.sh
cmd_tweet() { ... require_cookie ... api_post "/twitter/tweets/create" "$json" }

Once the write command is invoked, the script sends the post request directly; the artifact does not show an interactive confirmation inside the tool.

User impact: An accidental or autonomous invocation of a write command could create public Twitter/X activity before the user has a chance to review the exact action.
Recommendation: Require explicit user approval immediately before every tweet, reply, quote, like, retweet, bookmark, follow, or unfollow, and consider adding an in-script confirmation flag or prompt.
Tool Misuse and Exploitation
Severity: Low | Confidence: Medium | Status: Note
.claude/settings.local.json
"Bash(/home/user/Documents/Falcon/falcon:*)"

The included local settings file broadly allowlists any Falcon CLI invocation, which would cover both read and write subcommands if those permissions are honored.

User impact: Broad command allowlisting removes per-command friction for high-impact account actions.
Recommendation: Remove the broad local allow rule or narrow it to read-only subcommands unless write actions are always manually approved.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none

The artifact provenance is limited, which matters more because the skill can handle a Twitter/X session cookie.

User impact: It is harder to independently verify the publisher or the intended provider relationship before trusting the skill with account credentials.
Recommendation: Review the included script and verify the TwexAPI service independently before providing credentials.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
TWITTER_COOKIE env var: Twitter auth cookie (required for write/engagement commands)

A Twitter auth cookie is a high-impact session credential that can authorize account actions, and it is needed for the skill's write and engagement features.

User impact: If the cookie is provided, the skill can act through the user's Twitter/X account for posting and engagement actions.
Recommendation: Only provide TWITTER_COOKIE if you fully trust both the skill and TwexAPI, prefer a limited or separate account where possible, and remove or rotate the cookie after use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: High | Confidence: High | Status: Concern
falcon.sh
BASE_URL="https://api.twexapi.io" ... --arg cookie "$TWITTER_COOKIE" ... '{tweet_content: $text, cookie: $cookie}' ... api_post "/twitter/tweets/create"

The script places the Twitter auth cookie into a JSON request body sent to the external TwexAPI service for write actions.

User impact: The third-party API receives a sensitive Twitter/X session credential, which could expose the account if the provider or its request handling is not trustworthy.
Recommendation: Verify TwexAPI's legitimacy and data handling before using write commands, and avoid supplying the cookie for read-only use.
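The two recommendations above (an in-script approval gate before every write, and keeping the cookie out of read-only use) can be met in the dispatcher itself. The script below is an added example, not code from falcon.sh, ClawScan, or TwexAPI: api_post and api_get are offline stand-ins that print the request instead of sending it; the subcommand names other than "tweet", the endpoint paths other than /twitter/tweets/create, the body field "target", and the FALCON_CONFIRM / FALCON_DRY_RUN variables are assumptions for illustration. The real script builds its JSON with jq; the minimal escaper here only handles quotes and backslashes.

```shell
#!/usr/bin/env bash
# Added example: gate every write subcommand behind explicit approval and
# read TWITTER_COOKIE only on the write path. Not the skill's own code.
set -eu

# Assumed subcommand split; only "tweet" is taken from the scanned script.
READ_COMMANDS="search user timeline"
WRITE_COMMANDS="tweet reply quote like retweet bookmark follow unfollow"

in_list() {  # in_list WORD "space separated list"
  case " $2 " in *" $1 "*) return 0 ;; esac
  return 1
}

# Approval policy for a write action. Returns 0 only on explicit approval.
#   FALCON_DRY_RUN=1   describe the action and refuse (safe default for agents)
#   FALCON_CONFIRM=yes per-invocation approval the user sets after reviewing
#   interactive tty    prompt and require the literal word "yes"
#   anything else      refuse; a non-interactive caller cannot pipe in a "yes"
confirm_write() {
  local action="$1" summary="$2" answer
  if [ "${FALCON_DRY_RUN:-0}" = "1" ]; then
    printf 'DRY RUN: would %s: %s\n' "$action" "$summary" >&2
    return 1
  fi
  if [ "${FALCON_CONFIRM:-}" = "yes" ]; then
    return 0
  fi
  if [ -t 0 ]; then
    printf 'About to %s: %s\nType "yes" to proceed: ' "$action" "$summary" >&2
    IFS= read -r answer
    if [ "$answer" = "yes" ]; then return 0; fi
  fi
  printf 'Refusing to %s: no explicit approval\n' "$action" >&2
  return 1
}

# Offline stand-ins for the script's HTTP helpers (assumed names/behaviour).
api_post() { printf 'POST %s %s\n' "$1" "$2"; }
api_get()  { printf 'GET %s\n' "$1"; }

# Escape backslashes and double quotes so user text cannot break the body.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# run_command SUBCOMMAND [ARG]
run_command() {
  local cmd="$1" arg="${2:-}" path field body
  if in_list "$cmd" "$READ_COMMANDS"; then
    # Read path: never references TWITTER_COOKIE (assumed query endpoint).
    api_get "/twitter/$cmd?q=$arg"
    return 0
  fi
  if in_list "$cmd" "$WRITE_COMMANDS"; then
    if [ -z "${TWITTER_COOKIE:-}" ]; then
      printf 'TWITTER_COOKIE is required for %s\n' "$cmd" >&2
      return 2
    fi
    confirm_write "$cmd" "$arg" || return 1
    path="/twitter/$cmd"; field="target"          # assumed for other writes
    if [ "$cmd" = "tweet" ]; then
      path="/twitter/tweets/create"; field="tweet_content"
    fi
    body=$(printf '{"%s":"%s","cookie":"%s"}' "$field" \
      "$(json_escape "$arg")" "$(json_escape "$TWITTER_COOKIE")")
    api_post "$path" "$body"
    return 0
  fi
  printf 'Unknown subcommand: %s\n' "$cmd" >&2
  return 2
}
```

The deliberate choice is that a piped or redirected "yes" is not approval: an agent invoking the CLI non-interactively has to be handed FALCON_CONFIRM=yes by the user for that one call, so an allowlist rule such as the one in .claude/settings.local.json no longer lets a write slip through unreviewed.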