twitterapi-io

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent TwitterAPI.io integration, but it gives an agent broad live Twitter/X account authority with sensitive credentials and no clear confirmation boundaries.

Install only if you are comfortable letting an agent use TwitterAPI.io for live Twitter/X operations. Use a dedicated or low-risk account, avoid sharing raw passwords or long-lived 2FA secrets where possible, keep cookies and API keys out of logs, and require manual confirmation for every post, DM, follow, delete, upload, profile change, community action, or monitoring rule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (19)

Missing User Warnings

Medium
Confidence: 94%
Finding: The README prominently advertises write-capable actions such as posting, liking, retweeting, following, sending DMs, and profile management without any warning that these are live account-affecting operations. In an agent-skill context, this increases the risk that a user or downstream LLM invokes destructive or privacy-sensitive actions without realizing they will execute against a real authenticated Twitter/X account.

Missing User Warnings

Medium
Confidence: 97%
Finding: The statement that dropping the skill into an AI tool's context lets it 'start making real Twitter API calls' normalizes immediate live external execution without emphasizing consent, scope limits, or the consequences of authenticated actions. Because this skill supports write endpoints, an agent may perform actions on behalf of a user account, leading to unwanted posts, follows, DMs, or profile changes.

Missing User Warnings

Low
Confidence: 84%
Finding: The example prompt encourages use of the skill without noting that it may contact external services and potentially use authenticated context. While the example itself is read-oriented, in this skill's broader context it conditions users to treat the tool as passive documentation rather than a live integration capable of account-linked network access.

Vague Triggers

Medium
Confidence: 84%
Finding: The skill description is very broad and says to use it whenever the user wants to read or write Twitter data, which can cause over-invocation for loosely related requests. In a skill that supports account-affecting actions, broad routing increases the chance an agent selects it without first confirming user intent, credentials, or safety constraints.

Missing User Warnings

High
Confidence: 96%
Finding: The skill advertises posting tweets, liking, retweeting, following, and sending DMs without an explicit warning that these are external, irreversible, or account-impacting operations. In an agent setting, this can lead to unintended social actions, reputational harm, spam-like behavior, or misuse of a connected Twitter account if the tool is invoked without strong confirmation boundaries.

Missing User Warnings

Medium
Confidence: 90%
Finding: The webhook/stream setup guidance tells users to configure monitoring and receive notifications but does not clearly warn that tweet and event data will be forwarded to an external webhook endpoint. This creates privacy and data-handling risk because users may transmit public and potentially sensitive metadata to third-party infrastructure without understanding retention, exposure, or access implications.

Missing User Warnings

Medium
Confidence: 93%
Finding: The index advertises sensitive write capabilities including login, tweet creation/deletion, follows, DMs, and profile changes without any embedded warning about consent, privacy, or destructive effects. In an agent setting, this increases the risk that the skill is invoked for high-impact account actions without adequate user confirmation or safety gating, especially for endpoints involving credentials and private messaging.

Missing User Warnings

Medium
Confidence: 98%
Finding: The documentation shows a DM-history endpoint that requires `login_cookies` to be placed in the URL query string of a GET request. Session cookies in URLs are highly sensitive because they are commonly exposed via server/access logs, browser history, monitoring tools, referrer leakage, and intermediary systems; in this skill's context, those cookies could enable account takeover or unauthorized access to private DMs.

Missing User Warnings

Medium
Confidence: 95%
Finding: The document instructs users to transmit highly sensitive credentials and authentication material, including username, email, password, proxy credentials, and TOTP secret, to a third-party API without any warning about the sensitivity, storage risk, or trust implications. Because the skill is specifically designed to broker Twitter actions through twitterapi.io rather than direct Twitter OAuth, it normalizes credential sharing that could enable account takeover or long-lived session abuse if mishandled.

Missing User Warnings

Medium
Confidence: 91%
Finding: This file documents numerous account-modifying and destructive actions such as deleting tweets, following/unfollowing users, sending DMs, changing profile assets, and deleting communities, but provides no warning about irreversible effects, user-consent requirements, or abuse potential. In an agent skill context, omission of these safeguards increases the chance of unauthorized or accidental actions on behalf of a user account.

Missing User Warnings

Medium
Confidence: 93%
Finding: The upload examples instruct the caller to send local files such as media, avatar, and banner images to a remote third-party service without warning that local content leaves the user's environment. In an agent setting, this can lead to unintended disclosure of private files or metadata if users do not realize uploads are exfiltrating local data to an external service.

External Transmission

Medium
Category: Data Exfiltration
Content:
**Get DM History by User ID** `GET /twitter/get_dm_history_by_user_id`
```bash
curl -s "https://api.twitterapi.io/twitter/get_dm_history_by_user_id?login_cookies=COOKIE&user_id=USERID" \
  -H "X-API-Key: $TWITTERAPI_IO_KEY"
```
Params: `login_cookies` (required), `user_id` (required), `proxy` (optional but recommended, residential proxy URL)
Confidence: 99%
Finding: https://api.twitterapi.io/

External Transmission

Medium
Category: Data Exfiltration
Content:
**Login V2** `POST /twitter/user_login_v2` (300 credits)
```bash
curl -s -X POST "https://api.twitterapi.io/twitter/user_login_v2" \
  -H "X-API-Key: $TWITTERAPI_IO_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence: 97%
Finding: curl -s -X POST "https://api.twitterapi.io/twitter/user_login_v2" \ -H "X-API-Key: $TWITTERAPI_IO_KEY" \ -H "Content-Type: application/json" \ -d '{ "user_name": "USERNAME", "email": "EM

External Transmission

Medium
Category: Data Exfiltration
Content:
**Login V2** `POST /twitter/user_login_v2` (300 credits)
```bash
curl -s -X POST "https://api.twitterapi.io/twitter/user_login_v2" \
  -H "X-API-Key: $TWITTERAPI_IO_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence: 97%
Finding: https://api.twitterapi.io/

External Transmission

Medium
Category: Data Exfiltration
Content:
**Upload Media** `POST /twitter/upload_media_v2` (300 credits) -- **multipart/form-data**, not JSON!
```bash
curl -s -X POST "https://api.twitterapi.io/twitter/upload_media_v2" \
  -H "X-API-Key: $TWITTERAPI_IO_KEY" \
  -F "file=@/path/to/image.jpg" \
  -F "login_cookies=COOKIE" \
```
Confidence: 92%
Finding: https://api.twitterapi.io/

External Transmission

Medium
Category: Data Exfiltration
Content:
**Update Avatar** `PATCH /twitter/update_avatar_v2` (300 credits) -- **multipart/form-data**, not JSON!
```bash
curl -s -X PATCH "https://api.twitterapi.io/twitter/update_avatar_v2" \
  -H "X-API-Key: $TWITTERAPI_IO_KEY" \
  -F "file=@/path/to/avatar.jpg" \
  -F "login_cookies=COOKIE" \
```
Confidence: 92%
Finding: https://api.twitterapi.io/

External Transmission

Medium
Category: Data Exfiltration
Content:
**Update Banner** `PATCH /twitter/update_banner_v2` (300 credits) -- **multipart/form-data**, not JSON!
```bash
curl -s -X PATCH "https://api.twitterapi.io/twitter/update_banner_v2" \
  -H "X-API-Key: $TWITTERAPI_IO_KEY" \
  -F "file=@/path/to/banner.jpg" \
  -F "login_cookies=COOKIE" \
```
Confidence: 92%
Finding: https://api.twitterapi.io/

External Transmission

Medium
Category: Data Exfiltration
Content:
**Login by Email or Username** `POST /twitter/login_by_email_or_username`
```bash
curl -s -X POST "https://api.twitterapi.io/twitter/login_by_email_or_username" \
  -H "X-API-Key: $TWITTERAPI_IO_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "username_or_email": "USERNAME_OR_EMAIL", "password": "PASSWORD", "proxy": "PROXY" }'
```
Body: `username_or_email` (required), `password` (required), `proxy` (required)
Confidence: 95%
Finding: https://api.twitterapi.io/

External Transmission

Medium
Category: Data Exfiltration
Content:
**Login by 2FA** `POST /twitter/login_by_2fa`
```bash
curl -s -X POST "https://api.twitterapi.io/twitter/login_by_2fa" \
  -H "X-API-Key: $TWITTERAPI_IO_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "login_data": "LOGIN_DATA", "2fa_code": "123456", "proxy": "PROXY" }'
```
Body: `login_data` (required), `2fa_code` (required), `proxy` (required)
Confidence: 93%
Finding: https://api.twitterapi.io/

VirusTotal

64/64 vendors flagged this skill as clean.
