ClawHub

Tweet Share Card

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it needs review because it automates a logged-in Chrome session, captures the screen, and passes user-supplied URLs into AppleScript without enough containment.

Install only if you are comfortable letting the skill control a dedicated Chrome/X session and capture screen content. Use an isolated browser profile with no unrelated tabs, provide only trusted X/Twitter URLs, and prefer an updated version that validates and escapes URLs before AppleScript execution and deletes intermediate screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return u & "\n" & ((item 1 of b as text) & "," & (item 2 of b as text) & "," & (item 3 of b as text) & "," & (item 4 of b as text))
end tell
'''
res = subprocess.check_output(['osascript', '-e', script]).decode().splitlines()
current_url = res[0].strip()
if 'x.com/' not in current_url and 'twitter.com/' not in current_url:
    raise SystemExit(f'Unexpected URL after navigation: {current_url}')
Confidence
91% confidence
Finding
res = subprocess.check_output(['osascript', '-e', script]).decode().splitlines()

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README describes activation as detecting any X/Twitter post link, which is overly broad and may cause the skill to trigger on loosely related content without clear user intent boundaries. In a skill that fetches external content and generates outputs from it, broad activation increases the chance of unintended processing of untrusted links, accidental invocation, and misuse in contexts where the user did not explicitly request the action.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The description says the skill reads tweet content and generates an image, but it does not clearly warn users that external content from the supplied link will be fetched, processed, and transformed into a returned artifact. This transparency gap can lead to unexpected handling of third-party content, confusion about what data is accessed, and reduced user awareness when interacting with external links.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script silently captures a portion of the user's desktop and writes image files to disk without any user-facing warning, confirmation, or retention controls. Even though the capture is meant to target a browser window, the screenshot may include unintended sensitive content if window bounds or page state differ from expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal