xfetch

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent X/Twitter data-fetching helper, but it asks agents to use browser cookies and an external CLI to access private account data without clear consent, storage, or safety boundaries.

Install only if you trust the external xfetch CLI and are comfortable granting it access to your X/Twitter browser session. Use a dedicated browser profile or account where possible, confirm before running private-data commands such as DMs, bookmarks, notifications, or home timeline, avoid pasting tokens into chat, and clear saved authentication when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (90% confidence)
Finding
The skill description is written as a catch-all trigger for nearly any X/Twitter-related request, which increases the chance an agent will invoke it automatically even for ambiguous prompts. Because this skill can access authenticated account data such as timelines, bookmarks, notifications, and DMs, broad routing materially raises the risk of unnecessary or over-privileged data access.

Missing User Warnings

High (98% confidence)
Finding
The skill explicitly supports cookie-based authentication and private account data retrieval without any prominent privacy warning or consent boundary. In context, this is more dangerous because the same tool can read DMs, notifications, bookmarks, and timelines, so users may not realize that invoking the skill could expose highly sensitive personal account content and reusable authentication material.

Missing User Warnings

High (99% confidence)
Finding
These instructions tell the operator to extract browser cookies or set auth tokens directly, but they do not warn that auth_token and ct0 are sensitive session credentials that can enable account access. That omission is dangerous because an agent or user could handle, display, store, or transmit those values insecurely, leading to account compromise or unauthorized access to private X/Twitter data.

VirusTotal

64/64 vendors flagged this skill as clean.
