Grok Twitter Query

Security checks across malware telemetry and agentic risk

Overview

This is a simple user-run Grok prompt wrapper, but it sends prompts and an API key to a configured external API endpoint that users should verify.

Install only if you are comfortable sending Twitter/X-related prompts and the GROK_API_KEY bearer token to the configured API URL. Verify whether api.cheaprouter.club is the service you intend to use, consider setting GROK_API_URL to a provider you trust, and avoid including private or confidential information in prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Tainted flow: 'API_URL' from os.getenv (line 7, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
```python
        "temperature": 0.7
    }

    # API_URL is read from the environment (os.getenv, line 7 of the skill);
    # the full user prompt in `payload` and the bearer token in `headers`
    # are sent to that endpoint.
    response = requests.post(API_URL, headers=headers, json=payload)
    response.raise_for_status()

    result = response.json()
```
Confidence
95% confidence
Finding
response = requests.post(API_URL, headers=headers, json=payload)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires environment variable access and outbound network access but does not declare those permissions, which undermines transparency and policy enforcement. In an agent environment, undeclared capabilities can enable unexpected secret use and data egress, especially when API keys are involved.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a Twitter/X summarization tool, but the documented behavior is effectively a generic prompt-forwarding wrapper to a configurable chat completion endpoint. That mismatch is dangerous because users and orchestrators may route sensitive or overbroad requests to it under false assumptions about scope, provenance, and data handling.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The code is a generic prompt proxy that forwards arbitrary user text to a remote model rather than implementing Twitter/X-scoped retrieval or summarization controls. This mismatch weakens safety boundaries: users or upstream agents may assume the skill is limited to X content, but in reality it can be used to send any prompt to the external provider, increasing data leakage and misuse risk.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation text is broad enough that the skill may be invoked for many loosely Twitter-related requests without clear limits. In combination with arbitrary prompt handling, this increases the chance of unnecessary external transmission of user content to a third-party model endpoint.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill transmits the full user prompt to an external service without any user-facing disclosure or consent mechanism. That can leak sensitive information users may not expect to leave the local agent environment, especially because the tool appears to be a topical Twitter/X summarizer but actually behaves as a general remote prompt relay.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export GROK_API_KEY="your-api-key-here"
export GROK_API_URL="https://api.cheaprouter.club/v1/chat/completions"  # optional
export GROK_MODEL="grok-4.20-beta"  # optional
```
Confidence
95% confidence
Finding
https://api.cheaprouter.club/

VirusTotal

64/64 vendors flagged this skill as clean.
