Twitch

Security checks across malware telemetry and agentic risk

Overview

This is a local-only Twitch-themed logging CLI with plaintext history/export privacy caveats, but no evidence of network exfiltration, credential access, privilege abuse, or destructive behavior.

Install only if you want a local plaintext tracker. Do not enter passwords, OAuth tokens, private stream notes, or other secrets. Periodically review or remove `~/.local/share/twitch` if you do not want the stored history or exports retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill’s stated purpose is managing Twitch channel data, but the documented behavior is really a generic local logging and note-tracking utility with export, search, status, and arbitrary category commands. This mismatch can mislead users and downstream agents about what the skill actually does, causing them to store unrelated or sensitive data under the assumption it is a narrowly scoped Twitch tool.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill advertises automatic local history and activity logging but provides no privacy warning about persistence, retention, or the kinds of potentially sensitive inputs that may be written to disk. In an agent context, users may enter channel notes, rankings, or other free-form content assuming ephemeral handling, which creates avoidable privacy and data exposure risk on shared or compromised systems.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The documented reset command is potentially destructive, yet the skill gives no warning about what data it removes, whether the action is reversible, or whether confirmation is required. In a CLI or agent-driven workflow, ambiguous destructive commands increase the chance of accidental data loss, especially because the tool persistently stores local history and entries.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script persistently stores arbitrary user-provided input under `~/.local/share/twitch/*.log` and also mirrors activity into `history.log` without clearly warning users. In an agent-skill context, users may paste tokens, URLs, internal notes, or other sensitive operational data, creating a local privacy and data exposure risk if the host is shared, backed up, or later inspected.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The export command aggregates all stored activity into `export.json`, `export.csv`, or `export.txt` on disk without prominent warning or confirmation. This increases the blast radius of any previously logged sensitive data by creating a consolidated artifact that is easier to exfiltrate, share accidentally, or expose through backups and local file access.

VirusTotal

64/64 vendors flagged this skill as clean.