Skill v1.0.0

ClawScan security

twitter-dance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 7:04 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and runtime instructions require sensitive API keys and a Twitter auth token (and give instructions to extract one from your browser), but the registry metadata does not declare required credentials — this mismatch and the token-handling guidance are concerning and deserve review before use.
Guidance
Before installing or running this skill:
- Don’t trust the registry metadata alone — inspect SKILL.md and the code: this skill expects APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, and optionally KIMI_API_KEY even though the registry lists none.
- Verify provenance: source/homepage are listed as unknown/none in the metadata; package.json points to a GitHub path — confirm the repository and maintainer identity before trusting keys.
- Avoid extracting long-lived session tokens from your primary account via browser devtools. Prefer creating a dedicated developer/app token with minimal scope or use a throwaway/test account for initial testing.
- Review the code (especially src/* and scripts/*) to see how credentials are used and whether verbose/debug logging might print sensitive data to logs. If you enable verbose=2, watch for sensitive fields in logs.
- Run the code in an isolated environment (throwaway account, sandbox container or VM) first. Do not place production account credentials into the skill until you confirm behaviour.
- Consider rotating credentials after any test runs. If you must use the skill, grant only the minimum scopes needed and avoid long-lived tokens where possible.
- If you want to proceed, ask the maintainer to update registry metadata to declare required env vars and to document token/scopes clearly; request a reproducible source URL (official repo) and a minimal set of permissions for TWITTER_AUTH_TOKEN.

I have medium confidence because the code and docs align with the stated purpose, but the metadata omission and the token extraction guidance are suspicious and merit manual review before use.

Review Dimensions

Purpose & Capability
concern
The skill's stated purpose (Twitter automation via apidance.pro and optional Kimi) legitimately requires APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, and optionally KIMI_API_KEY. However, the registry metadata declares no required environment variables or primary credential, which is inconsistent with the SKILL.md and included code (many scripts and client files that read process.env). The lack of declared credentials in metadata is an incoherence that should be clarified.
Instruction Scope
concern
SKILL.md instructs the agent/user to export APIDANCE_API_KEY, TWITTER_AUTH_TOKEN and KIMI_API_KEY and gives commands to run scripts and cron jobs. It also explicitly tells users to obtain a TWITTER_AUTH_TOKEN by copying the Authorization header from X.com developer tools — guidance that can encourage insecure token extraction and accidental exposure. The docs enable verbose logging (verbose=2) which will print full GraphQL requests/responses for debugging; that could surface sensitive data if not reviewed. Scripts write logs to a logs/ directory and suggest running long-running watchers (--watch); these behaviours are within the skill's scope but increase the risk surface.
Install Mechanism
ok
No install spec is provided (instruction-only skill), and the repository includes source and a small bundled dependency (dotenv) rather than arbitrary downloads. There is no evidence of external arbitrary binary downloads or extract steps; risk from installation artifacts is therefore low. However, the package includes many scripts and full client code, so review of the codebase is necessary before execution.
Credentials
concern
The required credentials (APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, optional KIMI_API_KEY) are appropriate for a Twitter automation skill. The concern is that the registry metadata did not declare any required env vars or a primary credential, yet the SKILL.md and code clearly require them. TWITTER_AUTH_TOKEN (a bearer/session token) is particularly sensitive; the skill's instructions on obtaining it via browser request copying and storing it locally increase the chance of misuse or accidental leakage. No other unrelated credentials are requested.
Persistence & Privilege
note
always:false (normal). The skill can be invoked autonomously (disable-model-invocation:false), which is the platform default. Because the skill uses sensitive API credentials and supports scheduling/cron instructions, autonomous invocation increases the potential blast radius if credentials or behaviour are misconfigured — review and limit autonomous runs until you audit the code and tokens. The skill does not request system-wide config changes or other skills' configs.