xbird

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Twitter/X automation skill, but it asks for account session credentials and, optionally, a wallet private key, and it can make live, public changes to the account through an unpinned third-party npx package.

Install only if you trust the third-party npm package with session-level access to your Twitter/X account. Prefer a dedicated low-risk account; pin the package to an exact version and inspect it before use; do not supply the wallet private key unless a payment action actually needs it, and then only from a wallet funded with the minimum required; and require manual confirmation for every post, reply, like, retweet, follow, media upload, and profile change.
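The following is an added example, not code from the xbird skill or from the scanner that produced this report. It sketches a guard a host agent could put in front of an npx-invoked Twitter/X automation package, applying the recommendations above: refuse anything but an exact version pin, hand the wallet key only to payment actions, keep the session cookies out of logs, and require a human "yes" for every state-changing action. The action names, environment variable names, spec format and sample secrets are all assumptions made for the example, not the skill's real interface.

```javascript
// Added example guard layer; every action name, env variable name and sample
// secret below is hypothetical and constructed for the demo.

// --- 1. Supply chain: refuse to run anything but an exact version pin -------
// Accepts "pkg@1.2.3" or "@scope/pkg@1.2.3"; rejects bare names, dist-tags
// ("pkg@latest"), ranges ("pkg@^1.2.3") and git/URL specs.
const PINNED_SPEC =
  /^(?:@[a-z0-9][a-z0-9._-]*\/)?[a-z0-9][a-z0-9._-]*@\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

function isPinnedSpec(spec) {
  return PINNED_SPEC.test(spec);
}

// --- 2. Classify tool calls so the gate can treat them differently ----------
// Deny by default: anything not listed is "unknown" and refused.
const READ_ONLY = new Set(["timeline.read", "tweet.read", "profile.read", "search"]);
const STATE_CHANGING = new Set([
  "tweet.create", "tweet.reply", "tweet.like", "tweet.retweet",
  "user.follow", "profile.update", "media.upload",
]);
const PAYMENT = new Set(["payment.send"]);

function classifyAction(name) {
  if (READ_ONLY.has(name)) return "read";
  if (STATE_CHANGING.has(name)) return "write";
  if (PAYMENT.has(name)) return "payment";
  return "unknown";
}

// --- 3. The gate: reads pass, writes and payments need operator approval ----
// `confirm` is whatever asks the human (a TTY prompt, a chat approval); it gets
// a one-line summary and returns true only on explicit approval.
function authorize(action, policy, confirm) {
  const kind = classifyAction(action.name);
  if (kind === "read") return { allowed: true, reason: "read-only" };
  if (kind === "unknown") return { allowed: false, reason: `unknown action ${action.name}` };
  if (kind === "payment") {
    if (!policy.walletEnabled) return { allowed: false, reason: "wallet not enabled" };
    if (!(action.amount > 0) || action.amount > policy.maxPayment) {
      return { allowed: false, reason: `amount ${action.amount} outside cap ${policy.maxPayment}` };
    }
  }
  const summary = `${action.name} ${JSON.stringify(action.args ?? {})}`;
  if (!confirm(summary)) return { allowed: false, reason: "operator declined" };
  return { allowed: true, reason: "operator confirmed" };
}

// --- 4. Secrets: least exposure, and never in logs -------------------------
// Session cookies go to every call; the wallet key only to payment calls.
function envForAction(kind, secrets) {
  const env = { AUTH_TOKEN: secrets.AUTH_TOKEN, CT0: secrets.CT0 };
  if (kind === "payment") env.WALLET_PRIVATE_KEY = secrets.WALLET_PRIVATE_KEY;
  return env;
}

// Replace every secret value that appears in a log line with a placeholder.
function redact(line, secrets) {
  let out = line;
  for (const value of Object.values(secrets)) {
    if (value) out = out.split(value).join("[REDACTED]");
  }
  return out;
}

// --- Demo on constructed input (fake credentials, nothing is sent) ----------
function demo() {
  const secrets = { AUTH_TOKEN: "aaaa1111", CT0: "cccc2222", WALLET_PRIVATE_KEY: "0xdeadbeef" };
  const policy = { walletEnabled: true, maxPayment: 0.01 };
  const alwaysYes = () => true;
  const alwaysNo = () => false;
  return {
    pinned: isPinnedSpec("@example/xbird-cli@1.4.2"),
    unpinned: isPinnedSpec("xbird-cli"),
    readNeedsNoPrompt: authorize({ name: "timeline.read" }, policy, alwaysNo).allowed,
    declinedPost: authorize({ name: "tweet.create", args: { text: "hi" } }, policy, alwaysNo).allowed,
    paymentOverCap: authorize({ name: "payment.send", amount: 5 }, policy, alwaysYes).allowed,
    log: redact(`cookie auth_token=${secrets.AUTH_TOKEN}; ct0=${secrets.CT0}`, secrets),
    writeEnvHasWalletKey: "WALLET_PRIVATE_KEY" in envForAction("write", secrets),
  };
}

console.log(demo());
```

The gate is deny-by-default on purpose: a new tool name the package grows in a later version is refused until someone classifies it, which is the failure mode an unpinned dependency would otherwise hand you silently.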

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill instructs users to supply highly sensitive Twitter/X session cookies (`auth_token`, `ct0`) and optionally a wallet private key, but it does not clearly warn that these secrets grant account access and potential payment authority. In a skill that performs authenticated social actions and micropayments, exposing or mishandling these values could lead to account takeover, unauthorized posting, data access, or financial loss.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill exposes numerous state-changing operations such as posting tweets, replying, liking, retweeting, following, updating profile data, and uploading media, but it does not clearly warn that these actions directly modify the user's live Twitter/X account. In this context, an agent could perform unintended public actions, alter profile identity, or create reputational damage if the user does not understand the side effects.

VirusTotal

66/66 vendors flagged this skill as clean.
