ClawHub

Twitter Search

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised Twitter/X search task, but its wrapper automatically evaluates shell-profile content and installs a Python package without an approval step.

Review this before installing. Safer use would be to avoid the wrapper as written, preinstall dependencies in a controlled environment, provide `TWITTER_API_KEY` explicitly through the process environment, and remove the `eval`-based shell-profile parsing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Low
Confidence
78% confidence
Finding
The documentation instructs the agent to use general web search for external context, which expands the skill beyond its stated Twitter search and analysis purpose. This increases data exposure and tool-scope creep, especially if user queries or derived findings are sent to additional third-party services without clear disclosure.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The wrapper script is documented as reading shell startup files and installing dependencies, which exceeds a narrow Twitter-search function and can alter the local environment. Auto-loading shell configs and performing package installation introduce supply-chain and unintended side-effect risks that are disproportionate to a simple search/reporting skill.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The script reads from the user's shell startup files and uses eval on extracted lines to populate TWITTER_API_KEY. Even though the apparent goal is convenience, evaluating content from ~/.bashrc or ~/.zshrc can execute unintended shell syntax and expands the skill's access into sensitive user configuration unrelated to a normal Twitter search operation.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script attempts to install Python packages at runtime with pip3 install requests --user. This introduces unexpected network access and code installation during execution, which is unnecessary for a wrapper script and can expose users to supply-chain risk or environment modification without prior consent.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill encourages collection and analysis of up to 1000 tweets and report generation without privacy, retention, or external transmission guidance. Even though tweets are often public, bulk aggregation, profiling, and export can materially increase privacy and compliance risk when user handles, links, and engagement metadata are processed at scale.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Using eval on data scraped from shell config files is unsafe because any unexpected shell metacharacters or malformed entries can lead to command execution in the current shell context. The script also accesses sensitive configuration files without explicit opt-in, increasing the chance of credential exposure or unintended behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal