X Tweet Fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: fetch public X/Twitter posts through the FxTwitter API, without persistence, credentials, or unrelated behavior.

Install only if you are comfortable with tweet lookups being sent to FxTwitter, which may observe the requested tweet IDs and request metadata. Avoid using it for sensitive or private URLs unless the publisher adds clearer privacy disclosures or a configurable provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation declares zero configuration and no explicit permissions, yet it describes functionality that depends on outbound network access to a third-party API. This creates a transparency and governance gap: users, platforms, or policy engines may treat the skill as lower risk than it really is, even though it can transmit user-supplied tweet URLs and request metadata off-platform.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The markdown instructs users to fetch X/Twitter content via FxTwitter but does not warn that requested URLs and associated metadata will be disclosed to a third-party service. If users submit sensitive, internal, or tracking-bearing URLs, that information may be exposed externally without informed consent, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends user-derived tweet identifiers to api.fxtwitter.com, a third-party service, without making that external transmission explicit to the user. Even though the input is a public tweet URL, using the skill leaks the queried tweet, timing of access, and requester metadata such as IP address/User-Agent to an external operator, which is a real privacy and data-handling concern.

External Transmission

Medium
Category
Data Exfiltration
Content
```python
    username, tweet_id = parse_tweet_url(url)
    result = {"url": url, "username": username, "tweet_id": tweet_id}

    # User-derived identifiers are sent to the third-party api.fxtwitter.com endpoint
    api_url = f"https://api.fxtwitter.com/{username}/status/{tweet_id}"
    try:
        req = urllib.request.Request(api_url, headers={"User-Agent": "Mozilla/5.0"})
        with urllib.request.urlopen(req, timeout=15) as resp:
            # excerpt ends here in the report
```
Confidence
90% confidence
Finding
https://api.fxtwitter.com/

VirusTotal

66/66 vendors flagged this skill as clean.