Security audit

AI Twitter Daily

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate reports through an external AI API, but it sends prompts and a bearer token to a configurable third-party endpoint without enough scoping or permission disclosure.

Install only if you are comfortable sending report prompts and the configured API key to the documented endpoint. Prefer a vetted provider URL, avoid putting sensitive private data into prompts, and do not set GROK_API_URL to any host you do not fully trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tainted flow: 'API_URL' from os.getenv (line 7, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
```python
        "stream": True
    }

    response = requests.post(API_URL, headers=headers, json=payload, timeout=180, stream=True)

    if response.status_code != 200:
        print(f"HTTP {response.status_code}: {response.text}", file=sys.stderr)
```
Confidence
97% confidence
Finding
response = requests.post(API_URL, headers=headers, json=payload, timeout=180, stream=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no permissions while clearly requiring environment variables and outbound network access. This creates a transparency and consent problem: users or hosting platforms may invoke the skill without understanding that secrets are read from the environment and sent to an external API.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill permits its outbound API endpoint to be changed via GROK_API_URL, enabling transmission of the prompt and bearer token to arbitrary third-party infrastructure. This creates a clear data exfiltration and credential leakage path and may also be abused to reach unintended internal or attacker-controlled services. Given the skill’s narrow reporting purpose, endpoint override is unnecessary and increases risk.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export GROK_API_KEY="your-api-key-here"
export GROK_API_URL="https://api.cheaprouter.club/v1/chat/completions"  # optional
export GROK_MODEL="grok-4.20-beta"  # optional
```
Confidence
94% confidence
Finding
https://api.cheaprouter.club/

VirusTotal

66/66 vendors flagged this skill as clean.