ClawHub

Omni-X

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it asks users or agents to use sensitive Twitter/X session credentials in ways that need careful review before installation.

Install only if you are comfortable giving the skill or its runtime access to a Twitter/X session credential. Prefer guest mode for public profile and tweet lookup, avoid copying browser cookies into prompts or source files, do not use username/password login through an agent, and avoid saved sessions on shared or untrusted machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill instructs users/agents to retrieve the Twitter/X auth_token cookie from browser developer tools and use it directly, which is credential harvesting/repurposing of a live session token. A bearer session cookie can grant account-linked access and may enable unauthorized actions or exposure of non-public account data if mishandled, leaked, or reused.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The guide expands agent authentication behavior beyond the declared auth-token model by instructing use of direct username/password login and loading saved sessions. For an AI agent integration guide, this is dangerous because it encourages collection or reuse of highly sensitive credentials and persistent session material, increasing the chance of credential theft, unintended account access, or unsafe secret handling by downstream agents.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The documentation is internally inconsistent: it says login-required skills need an auth token, while elsewhere documenting alternate login methods. That ambiguity can cause agents to escalate to riskier authentication paths, including password handling or replaying stored sessions, which broadens the attack surface and undermines least-privilege expectations.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The guide explicitly instructs users or AI agents to retrieve a live Twitter/X auth_token from browser cookies or request headers. That is credential harvesting guidance for a session token, which can enable account access and abuse if copied, stored, logged, or transmitted by an agent; in an agent skill context this is more dangerous because agents may automatically collect, persist, or exfiltrate sensitive secrets.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The guide documents credential-based login and saved-session handling that exceed the declared authentication model of guest plus auth_token. This expands the skill's effective secret-handling surface to usernames, passwords, and persisted session artifacts, increasing the chance that operators or downstream tooling will collect, store, or misuse sensitive account credentials.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The file claims multiple login methods despite metadata stating only guest and auth_token-based authentication. This inconsistency can cause unsafe operator behavior, undocumented credential collection, and inaccurate security review because the real authentication pathways are broader than advertised.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger scenarios are broad and overlap with common social-media questions, increasing the chance that the skill auto-activates in contexts where the user did not intend account-linked scraping or authenticated access. In this skill, that over-broad activation is more dangerous because some functions rely on sensitive auth_token-based access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description mentions authenticated features but does not clearly warn that the proposed method uses a browser auth_token cookie tied to the user's active Twitter/X session. This lack of upfront disclosure undermines informed consent and can mislead users into exposing sensitive session credentials for ordinary data-extraction tasks.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide tells agents or users how to extract the Twitter/X auth_token cookie but does not describe that it is a highly sensitive session credential equivalent to account access. In an agent context, encouraging cookie extraction without strong warnings or handling rules can normalize unsafe exfiltration of browser session secrets and lead to account compromise if the token is logged, stored, or reused improperly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document provides step-by-step token extraction instructions without prominent warnings that the auth_token is a sensitive session credential equivalent to account access. This omission increases the likelihood that users or AI agents mishandle the token, place it in code, config files, logs, prompts, or shared systems, leading to privacy loss or account compromise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide instructs users to use raw account credentials and to extract the Twitter/X auth_token cookie from a live browser session, but provides only minimal 'keep secure' language and no strong warning about account takeover risk, secret exfiltration, or policy implications. In an agent-skill context, asking users to retrieve cookies from browser storage is especially sensitive because those values can grant authenticated access equivalent to the user session.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions to save and load sessions encourage persistence of authenticated material without explaining where it is stored, how it is protected, or what happens if the host is shared or compromised. Persisted session tokens can be stolen and reused, turning a convenience feature into a durable account-compromise vector.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The test script demonstrates passing an authentication token into the skill interface and encourages AI agents to use that method, but it provides no warning that the token is a sensitive credential that may be transmitted to an external service or exposed through logs, prompts, or copied example code. In an agent-skill context, users may paste real tokens into sample code or tool parameters without understanding the trust boundary, increasing the chance of credential leakage or misuse.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly directs agents to obtain and use a user's browser auth_token cookie to access protected Twitter features, effectively normalizing theft or unsafe handling of session credentials. In an agent context, this is especially risky because the token may be transmitted, logged, cached, or reused beyond the user's understanding, exposing the account to compromise and privacy loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal