Tweet Monitor Pro
Warn
Audited by ClawScan on May 10, 2026.
Overview
Tweet Monitor Pro is a social-media scraping skill, but its code executes an undeclared external Python helper through an unsafe shell command, so crafted inputs could run local commands.
Avoid installing this skill in a sensitive environment until the command-injection issue and undeclared external helper are fixed. If you must test it, run it in a disposable sandbox, inspect any external fetch_tweet.py file first, avoid setting billing keys, and be cautious with the optional anti-detection browser component.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted tweet URL, username, or baseline file path could make the skill run commands on your machine as the OpenClaw process.
The tool parameter url is joined into a shell command string; the same pattern is used for username and baselineFile. Shell metacharacters in these inputs could execute arbitrary local commands.
const args = ['python3', scriptPath, '--url', url]; ... const output = execSync(args.join(' '), { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
Do not use until it replaces shell command strings with execFile/spawn using an argument array, strictly validates inputs, and rejects shell metacharacters.
The skill may fail, or worse, execute whatever file exists at that external path, including code from another skill or a modified local file.
The skill executes a Python script from a hard-coded path outside this package. The provided manifest does not include that script and the registry declares no install spec or required binaries, so runtime behavior depends on unreviewed local code.
const scriptPath = '/root/.openclaw/workspace/skills/x-tweet-fetcher/scripts/fetch_tweet.py';
Package the helper inside this skill, use a relative path, declare python3 and all dependencies, and provide a pinned, reviewable implementation.
Using the advanced mode may violate site rules, trigger account/network blocks, or introduce risk from an additional browser plugin.
The skill explicitly documents anti-detection browser use to bypass site protections. This is disclosed and related to scraping, but it is sensitive behavior users should understand.
Advanced fetching: Camofox + Nitter (bypasses Cloudflare) ... an anti-detection browser service ... Used to bypass Cloudflare and JavaScript challenges
Prefer official APIs or public endpoints where possible, and only run Camofox in an isolated environment from a trusted, pinned source.
Users may be unclear whether billing credentials are needed or used, and what authority they grant.
The documentation asks for optional billing credentials, while the registry declares no environment variables and the reviewed code does not read these variables. This is under-declared/incomplete credential handling rather than observed credential leakage.
export SKILLPAY_API_KEY="your_key" ... The skill will automatically report usage and trigger billing.
Declare optional SkillPay environment variables in metadata and document exactly when billing calls occur; avoid setting billing keys until the implementation is clear.
Quota and usage records can remain after use and could be modified locally to change plan or usage state.
The skill persists user IDs, plans, and usage counts in a local JSON file and trusts that state for quota enforcement.
const QUOTA_DB = process.env.QUOTA_DB || path.join(__dirname, 'quotas.json'); ... fs.writeFileSync(QUOTA_DB, JSON.stringify(quotas, null, 2));
Document the quota file location and retention, avoid storing unnecessary identifiers, and protect or validate the file if it affects billing or access control.
