ClawHub

twitter browser post

Security checks across malware telemetry and agentic risk

Overview

The skill is instruction-only and mostly matches its stated purpose, but it can run hourly and publish public social posts using a logged-in account with under-scoped controls.

Install only if you intend to monitor this X profile on a recurring schedule and potentially post from the browser profile's logged-in X account. Before enabling cron, change the Telegram recipient to an account you control, confirm the exact X account, require review of every rewritten post before approval, and keep a clear way to disable the recurring job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest description includes broad triggers such as any user request to monitor Tom Doerr, cron-driven execution, and checking for shared GitHub repositories, which can cause the skill to activate in contexts beyond a narrowly scoped, user-consented workflow. Because this skill performs external actions across X.com, Telegram, and cron automation, overbroad activation increases the chance of unintended monitoring, message sending, or social-posting behavior without sufficiently explicit user intent.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The skill mandates translation and rewriting into Brazilian Portuguese for reach without any indication that the user requested language conversion or consented to content transformation. This can cause unauthorized alteration of source content and unexpected behavior, especially in an automated social-posting pipeline where the rewritten message may misrepresent the original post or violate user expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal