Back to skill
Skillv1.4.1
VirusTotal security
twit-mcp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:26 AM
- Hash
- 65d1bf904bfbe2eb9f38260a13d804f5b029a39a93446354e1d65200878e39a1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: twit-mcp Version: 1.4.1 The twit-mcp skill bundle provides Twitter integration via a micropayment service (x402). It requires a WALLET_PRIVATE_KEY for payments and uses Playwright in src/index.ts to extract Twitter session cookies (auth_token and ct0) after a user logs in via a controlled browser instance. These sensitive credentials are saved locally to ~/.twit-mcp-credentials.json (managed in src/auth.ts) and are subsequently transmitted to a third-party endpoint (https://x402.twit.sh) to perform account actions like posting or liking tweets. While this behavior is documented as the method to avoid official API keys, the transmission of raw session cookies to an external service grants that service full control over the user's Twitter account, representing a high security risk.
- External report
- View on VirusTotal