botlearn-twitter-intel

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Twitter/X analysis skill; its main risks are broad activation and the need to keep social-media monitoring bounded and verified.

Install only if you want Twitter/X public-discourse analysis. Use explicit topics, accounts, languages, geography, and time windows; verify important claims against primary sources; avoid acting on Twitter-only crisis intelligence; and use least-privilege read-oriented API credentials if you connect external access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger list contains generic terms like "twitter," "tweet," and "trending," which are likely to match many ordinary user requests that do not actually need this skill. Over-broad activation increases the chance the skill is invoked in unintended contexts, causing context hijacking, irrelevant behavior, or accidental routing of user requests into social-intelligence workflows.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The activation clause "WHEN the user requests Twitter monitoring, KOL tracking, or trend analysis" is broad and does not define clear inclusion or exclusion boundaries. This makes the skill easier to trigger on loosely related requests, which can lead to unintended activation, incorrect tool selection, and over-collection or synthesis of social-media intelligence when the user did not explicitly ask for it.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The task asks for broad monitoring and investigation of discourse evolution, sentiment shifts, KOL activity, and coordinated campaigns without bounding data sources, time windows, evidentiary thresholds, or prohibited inferences. In a social-media intelligence skill, this can encourage overcollection, speculative attribution, and unsupported claims about coordination or actors, especially when the model is pressed to produce a definitive analysis from ambiguous signals.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The competitive-intelligence benchmark requests open-ended monitoring of KOLs, market trends, competitors, and partnerships without guardrails on collection scope, acceptable sources, or treatment of rumors. In this context, the skill could normalize broad surveillance-style gathering and presentation of speculative competitive signals as actionable intelligence.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The benchmark asks for example tweets about a public figure and sentiment percentages but provides no guidance on minimizing exposure of user-generated content, attribution standards, or privacy considerations for quoted posts. Even though the subject is a public figure, the examples may pull in ordinary users' content and amplify harassment, miscontextualization, or personal data embedded in tweets.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
This task involves real-time crisis monitoring during a cybersecurity breach, yet it lacks an explicit warning that social-media claims may be false, manipulated, or harmful if acted upon without verification. In this skill context, that omission is more dangerous because the requested output is framed as decision-support intelligence during an active incident, increasing the chance that rumors, disinformation, or misattributed claims are operationalized.

VirusTotal

64/64 vendors flagged this skill as clean.
