ClawHub

Tweet Processor

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow tweet-to-notes helper that discloses its local note-writing behavior and does not show hidden execution, credential use, exfiltration, or destructive actions.

Install this only if you want tweet links you send to be saved into local tweet-notes markdown files. Review saved summaries for accuracy and avoid processing private or sensitive tweets unless you are comfortable storing their URLs and derived notes locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that the agent will 'update the files' after a tweet URL is sent, but it does not clearly warn users that this causes automatic writes to specific local paths under /tweet-notes. That omission can lead to unintended file modifications by users who expect passive analysis rather than side effects, increasing the risk of accidental data changes or trust misuse.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill is configured to act automatically whenever a tweet URL is provided, which is a broad trigger for a behavior that performs navigation, extraction, categorization, and file modification. That coupling increases the chance of unintended invocation and silent side effects, especially in conversations where a link is shared for discussion rather than to authorize note-taking.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description says it will automatically process tweet URLs and append content into local markdown files, but it does not present this as a user-visible warning or require acknowledgment before modifying local state. This is dangerous because users may share a link expecting analysis only, while the agent persists derived content to files without clear consent, creating integrity and privacy risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal