Skill v1.0.0
ClawScan security
X Alpha Scout · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:44 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's functionality (scanning X/Twitter) aligns with its instructions, but the SKILL.md requests high‑privilege X credentials and relies on an external CLI while the registry metadata lists no required env vars or binaries and the delivery/scheduling instructions are vague — these mismatches are concerning.
- Guidance: Key things to consider before installing or enabling this skill:
  - Credentials: The SKILL.md asks for X_AUTH_TOKEN and X_CT0 (a ct0 session cookie). Those are sensitive — a ct0 cookie can allow actions as your account. Do not supply these from your primary/personal X account. Prefer a read-only or throwaway X account with minimal privileges if you must test.
  - Registry metadata mismatch: The registry entry lists no required env vars or binaries, but the instructions require the bird CLI and two X credentials. Ask the publisher why the metadata omits these requirements and request that required env vars and binaries be declared in the registry.
  - bird CLI provenance: The skill depends on an external CLI ('bird'). Install only from a trusted source (official GitHub repo or verified Homebrew tap). Verify the bird project and review its release artifacts before installing.
  - Delivery channels & scheduling: The skill says to 'deliver' reports via Discord/Telegram/etc. but does not declare how credentials for those channels are provided or stored. Ask for clarification and avoid giving messaging-service tokens unless you understand how they're used and stored.
  - Autonomy risk: The skill is designed for daily automated runs. If you enable autonomous invocation, ensure the credentials you provide are scoped appropriately and monitor activity. Consider running the skill manually first to validate behavior.
  - Code review & sandboxing: The included script (scripts/parse_calls.py) appears to only parse JSON tweet output into structured calls (no network exfiltration). Still, review the code and test in an isolated environment. Inspect the referenced GitHub repo (github.com/hammad-btc/alpha-scout-skill) for additional code or installer steps.
  - Ask the publisher: Because the homepage is missing and the registry metadata is incomplete, ask the skill author to (1) publish a homepage/repo link in the registry, (2) update metadata to list required env vars/binaries, (3) explicitly document delivery mechanisms and credential use, and (4) confirm whether the skill ever posts or performs actions on X (the SKILL.md only shows read/search operations, but that should be explicitly confirmed). If you decide to try the skill, do so with a dedicated/test X account and without sharing primary account cookies/tokens until you're satisfied with provenance and behavior.
Review Dimensions
- Purpose & Capability (concern): The skill is an X/Twitter scanner and legitimately needs access to X data. However, the SKILL.md explicitly requires two X credentials (X_AUTH_TOKEN and X_CT0) and expects the 'bird' CLI to be installed, while the registry metadata declares no required env vars or binaries. That mismatch between declared requirements and the runtime instructions is an incoherence that requires explanation.
- Instruction Scope (concern): Runtime instructions direct the agent to run 'bird' searches (read-only) and to produce reports. They also instruct auto-running daily at 00:00 UTC and to 'Deliver: Send to user via their preferred channel (Discord, Telegram, etc.)' — but do not specify how delivery credentials or scheduling are provided. The SKILL.md references environment variables that are not declared in the registry. While the operations appear primarily read-only, the vagueness around delivery and scheduling grants the agent broad discretion and increases risk if credentials are provided.
- Install Mechanism (note): This is instruction-only (no install spec). README instructs installing 'bird' via Homebrew or GitHub releases — both common approaches. There is no bundled installer or arbitrary download embedded in the skill files, which reduces direct install risk, but the skill depends on an external CLI the user must install and trust.
- Credentials (concern): The SKILL.md requires X_AUTH_TOKEN and X_CT0 (a session cookie) — both are high‑value credentials that can allow account access. The registry metadata, however, lists no required env vars or primary credential. That omission is disproportionate and inconsistent. The skill also suggests delivering reports to external channels but does not request or document credentials for those channels.
- Persistence & Privilege (note): The skill does not request 'always: true' and defaults allow autonomous invocation (platform default). The SKILL.md mentions an automated daily report at 00:00 UTC; combined with the need for X credentials, autonomous runs increase the blast radius (the agent could repeatedly access X using provided credentials). This combination is notable but not itself a proof of malicious intent.
