v1.0.0

Twitter Daily Digest

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:25 AM.

Analysis

The skill’s Twitter digest purpose is coherent, but it uses logged-in Twitter access and a local Notion token, and can sync the digest to a hard-coded Notion page, despite its metadata declaring no credentials.

Guidance: Review this before installing. It appears designed to do what it says—collect Twitter/X updates and summarize them—but it needs logged-in Twitter CLI access and may write results to Notion. Make sure the twitter CLI is trusted, the Notion API key is yours, and the hard-coded Notion parent page is changed or confirmed before syncing.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Info. Confidence: High. Status: Note.
scripts/fetch_digest.py
cmd = [twitter_bin] + args + ["--json"]
result = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)

The script invokes a local twitter binary to collect data. This is expected for the skill’s purpose and uses argument lists rather than shell strings, but it is still local command execution.

User impact: The skill’s behavior depends on whichever twitter CLI binary is found or specified in the environment.
Recommendation: Use a trusted twitter-cli installation and avoid pointing TWITTER_BIN at untrusted executables.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Install command: `uv tool install twitter-cli`

The skill relies on an external CLI package installed by name without a pinned version in the provided artifacts. This is purpose-aligned but leaves package provenance/version review to the user.

User impact: Installing or updating the external CLI could change what account data is accessed or how it is handled.
Recommendation: Pin and document a trusted twitter-cli version, or have users verify the package source before installing.

Agent Goal Hijack
Severity: Low. Confidence: Medium. Status: Note.
SKILL.md
The agent reads the JSON and organizes it at its own editorial discretion ... `text`: "full tweet content"

The agent is instructed to read raw tweet text and make editorial judgments from it. That is expected for a digest, but tweet content is untrusted external text and could contain prompt-injection-style instructions.

User impact: A malicious tweet could try to influence the agent’s summary or next actions if not treated strictly as data.
Recommendation: Treat tweet text as untrusted content, ignore any instructions inside tweets, and summarize only factual tweet content.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
twitter CLI installed and authenticated ... if Notion is needed: `~/.config/notion/api_key` exists

The skill expects a locally authenticated Twitter CLI and may read a local Notion API key, while the metadata declares no primary credential, required environment variables, or required config paths.

User impact: The skill can use your logged-in Twitter/X context to enumerate followed accounts and recent posts, and can use a Notion integration token if present.
Recommendation: Only install if you are comfortable with this account access; the publisher should declare the required binary, authenticated Twitter access, Notion key path, and intended permission scope in metadata.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium. Confidence: High. Status: Concern.
scripts/fetch_digest.py
DEFAULT_NOTION_PARENT_PAGE_ID = "323dfb80-f233-811a-b597-f30cb2013145"
DEFAULT_NOTION_KEY_PATH = Path.home() / ".config/notion/api_key"

The Notion sync path uses a local API key and a hard-coded parent page ID, so the destination for uploaded digest content is not clearly user-scoped in the code or metadata.

User impact: A digest containing your followed accounts and tweet content could be written to a Notion page if a usable Notion key is present.
Recommendation: Verify or change the Notion parent page before syncing, and prefer an explicit user-provided destination plus per-run confirmation for external publishing.