ClawHub

X Reader

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: fetch public X/Twitter post content through Nitter or RapidAPI, with no hidden persistence or destructive behavior.

Install only if you are comfortable sending queried X/Twitter usernames and post IDs to public Nitter instances or RapidAPI. Use a low-quota dedicated RapidAPI key if enabling detailed mode, treat returned post text as untrusted content, and consider pinning the Python dependency in controlled environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation indicates capabilities requiring environment-variable access and outbound network access, but it does not declare permissions for them. This can mislead users and security tooling about what the skill actually does, reducing informed consent and making review and policy enforcement harder.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The RapidAPI usage instructions tell users to export an API key and send requests to a third-party service, but they do not warn that tweet URLs, identifiers, and associated metadata will be transmitted externally. This omission creates a privacy and transparency issue, especially if users assume the skill only reads public content locally or through a privacy-preserving path.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
When no API key is present, the script automatically contacts public Nitter instances and embeds the username and tweet ID into outbound requests without clearly informing the user or obtaining consent. This leaks the queried account/post metadata to unaffiliated third-party services, which is a privacy and data-sharing risk made more significant by the skill's purpose of accessing X content through unofficial channels.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal