Skill v1.0.2
ClawScan security
Tweet Summarizer Lite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 23, 2026, 7:12 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose (fetching and summarizing single tweets), but there are several metadata and documentation inconsistencies and a reliance on sensitive browser session cookies and a third-party CLI that you should review before installing.
- Guidance
- Before installing or running this skill:
  - Confirm the source: the registry metadata you provided lacks required env and binary declarations, while the bundled SKILL.md/package.json/scripts do require AUTH_TOKEN, CT0, and the 'bird' CLI. Ask the publisher to explain the mismatch or install from the official repo URL (verify commit history and publisher identity).
  - Treat AUTH_TOKEN and CT0 as highly sensitive session cookies. Prefer using a throwaway/dedicated account for scraping. Do not paste your primary account cookies into third-party tools unless you trust them.
  - Verify the 'bird' CLI: inspect its source or install from a trusted release. The Python code shown here does not exfiltrate tokens itself, but the bird binary will perform network requests using those cookies, so bird's trustworthiness matters.
  - Fix/document path inconsistencies: the scripts save to ~/.openclaw/.../data/tweets-lite while README/SKILL.md mention different paths. Confirm where your data and any config files will be written before running.
  - If you proceed, do not commit cookies or the data folder to version control; rotate cookies if you suspect compromise.
  - If you need help verifying the bird binary or want me to flag exact lines of concern in the code, I can do a deeper review. Clarifying the metadata mismatches (registry vs SKILL.md/package.json) would raise confidence.
Review Dimensions
- Purpose & Capability
- concern: The skill's behavior (needs AUTH_TOKEN/CT0, uses the bird CLI, stores tweets locally) is coherent with a Twitter/X fetcher. However, the registry metadata you provided lists no required env vars or binaries, while SKILL.md and package.json declare AUTH_TOKEN, CT0, and the 'bird' CLI. Multiple files and docs disagree on storage paths (README/SKILL.md mention ~/.openclaw/.../data/tweets/ vs scripts using tweets-lite). These mismatches between published metadata and the included files are a red flag (supply-chain or packaging errors) and should be clarified.
- Instruction Scope
- note: SKILL.md instructs the agent to run the included Python scripts and to ask the user to copy session cookies from their browser DevTools. The scripts only read AUTH_TOKEN/CT0 from environment variables, call the local 'bird' CLI, and write tweet text to a local index.json. They do not contact any unexpected external endpoints themselves, but they do rely on the bird CLI to contact Twitter. The manual cookie-extraction instruction is sensitive (it directs users to copy credentials) but is consistent with how browser session cookies are used.
- Install Mechanism
- note: There is no install spec in the registry (instruction-only), which reduces direct install risk. However, the README and SKILL.md recommend installing the third-party 'bird' CLI (npm install -g @steipete/bird). Installing that CLI pulls code from an external registry; if you trust this skill you must also trust that third-party tool. The skill itself does not download or execute arbitrary remote archives.
- Credentials
- note: Requesting AUTH_TOKEN and CT0 (Twitter session cookies) is proportionate for a tool that fetches tweets via an authenticated session. That said, these are highly sensitive credentials (equivalent to account session access). The skill declares it only uses them in-memory and does not log or transmit them itself, but the actual network interactions are performed by the bird CLI, so trust depends on that binary. Also note that the registry metadata omitted these required env vars, which is inconsistent.
- Persistence & Privilege
- ok: The skill does not request always:true, it is user-invocable, and it only writes files under the user's home (~/.openclaw/...). It writes its own config and stored tweets; it does not modify other skills or global agent settings. This level of persistence is expected for a local fetch-and-store utility.
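The registry-versus-bundle comparison that the Guidance and the Purpose & Capability finding describe (registry metadata declaring no env vars or binaries while the bundled files require AUTH_TOKEN, CT0 and the bird CLI; docs and scripts disagreeing on the storage path) can be checked mechanically before installing. The script below is an added example; it is not ClawHub's scanner and not code from the Tweet Summarizer Lite skill. It assumes a hypothetical registry/package.json layout in which a `requires` object carries `env` and `bins` lists, and every file it inspects is a constructed sample embedded inline to reproduce the report's mismatches. The `...` inside the paths is kept exactly as the report prints it rather than guessed.

```python
"""Registry-vs-bundle consistency check for a skill package (added example).

Not ClawHub's scanner and not the skill's own code. The "requires" layout in
registry metadata and package.json is hypothetical; all file contents below
are constructed samples that reproduce the mismatches the report describes.
"""
import json
import re

# --- constructed sample inputs (hypothetical, not the real files) ------------
REGISTRY_METADATA = {
    "name": "tweet-summarizer-lite",
    "version": "1.0.2",
    "requires": {"env": [], "bins": []},  # registry declares nothing
}

PACKAGE_JSON = json.dumps({
    "name": "tweet-summarizer-lite",
    "version": "1.0.2",
    "requires": {"env": ["AUTH_TOKEN", "CT0"], "bins": ["bird"]},
})

# "..." is kept as the report prints the elided middle of the path.
DOCS = {
    "SKILL.md": "Set AUTH_TOKEN and CT0 from DevTools. Needs the bird CLI.\n"
                "Tweets are stored in ~/.openclaw/.../data/tweets/\n",
    "README.md": "Output: ~/.openclaw/.../data/tweets/index.json\n",
}

SCRIPTS = {
    "fetch_tweet.py": (
        "import os, subprocess, json\n"
        "token = os.environ['AUTH_TOKEN']\n"
        "ct0 = os.environ.get('CT0')\n"
        "r = subprocess.run(['bird', 'tweet', tid], capture_output=True, text=True)\n"
        "store = os.path.expanduser('~/.openclaw/.../data/tweets-lite')\n"
    ),
}

# --- extraction helpers ------------------------------------------------------
ENV_READ = re.compile(r"""os\.environ(?:\.get)?\s*[\[(]\s*["']([A-Z][A-Z0-9_]*)["']""")
SUBPROCESS_ARGV0 = re.compile(r"""subprocess\.\w+\(\s*\[\s*["']([\w.\-]+)["']""")
OPENCLAW_PATH = re.compile(r"~/\.openclaw/[\w./\-]+")
NETWORK_MODULES = {"requests", "urllib", "http", "socket", "httpx", "aiohttp"}


def imported_modules(source):
    """Top-level module names imported by a Python source string."""
    mods = set()
    for line in source.splitlines():
        line = line.strip()
        if line.startswith("from "):
            mods.add(line.split()[1].split(".")[0])
        elif line.startswith("import "):
            for item in line[len("import "):].split(","):
                mods.add(item.strip().split(" as ")[0].split(".")[0])
    return mods


def network_modules(source):
    """Imported modules that could talk to the network directly."""
    return imported_modules(source) & NETWORK_MODULES


def storage_dirs(text):
    """~/.openclaw/... paths mentioned in text, normalized to directories."""
    dirs = set()
    for p in OPENCLAW_PATH.findall(text):
        p = p.rstrip("/")
        head, _, leaf = p.rpartition("/")
        if "." in leaf and leaf != "...":  # leaf looks like a file: keep its dir
            p = head
        dirs.add(p)
    return dirs


def check_skill(registry, package_json, docs, scripts):
    """Return (severity, message) findings for registry/bundle disagreements."""
    findings = []
    reg = registry.get("requires", {})
    reg_env, reg_bins = set(reg.get("env", [])), set(reg.get("bins", []))
    pkg = json.loads(package_json).get("requires", {})
    pkg_env, pkg_bins = set(pkg.get("env", [])), set(pkg.get("bins", []))

    used_env, used_bins, net_mods = set(), set(), set()
    for src in scripts.values():
        used_env |= set(ENV_READ.findall(src))
        used_bins |= set(SUBPROCESS_ARGV0.findall(src))
        net_mods |= network_modules(src)

    for var in sorted(used_env - reg_env):
        findings.append(("concern", f"scripts read env var {var}, registry metadata does not declare it"))
    for b in sorted(used_bins - reg_bins):
        findings.append(("concern", f"scripts invoke binary '{b}', registry metadata does not declare it"))
    if (pkg_env, pkg_bins) != (reg_env, reg_bins):
        findings.append(("concern", "package.json requirements differ from registry metadata"))

    doc_dirs = set().union(*(storage_dirs(t) for t in docs.values()))
    script_dirs = set().union(*(storage_dirs(s) for s in scripts.values()))
    if doc_dirs and script_dirs and doc_dirs != script_dirs:
        findings.append(("concern", f"docs say {sorted(doc_dirs)} but scripts write {sorted(script_dirs)}"))
    if net_mods:
        findings.append(("note", f"scripts import network modules {sorted(net_mods)}; verify endpoints"))
    elif used_bins:
        findings.append(("note", f"no direct network code; network access delegated to {sorted(used_bins)}"))
    return findings


if __name__ == "__main__":
    for severity, message in check_skill(REGISTRY_METADATA, PACKAGE_JSON, DOCS, SCRIPTS):
        print(f"[{severity}] {message}")
```

Run as-is it reports the five concerns the report lists (two undeclared env vars, one undeclared binary, package.json disagreeing with the registry, and the tweets vs tweets-lite path split) plus a note that the scripts contain no direct network code and hand that off to bird. To use it on a real package, read the registry entry, package.json, the markdown docs and the scripts from disk into the same shapes; the regexes only catch the plain `os.environ[...]`/`subprocess.run([...])` idioms, so treat a clean result as a prompt for manual review of the bird binary, not as a clearance.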
