Back to skill
Skillv1.0.3
VirusTotal security
Twitter/X scraper with Apify actors · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:50 AM
- Hash
- e37612641d325ce9c9dce95702df5f6a46156815db29904677515e1951f7ed71
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: twitter-x-apify-actors Version: 1.0.3 The skill is designed to interact with the Apify API for Twitter/X data collection, which aligns with its stated purpose. However, the `scripts/apify_twitter_actors.py` allows the `follower-actor-id` and `email-actor-id` to be overridden via command-line arguments. While this offers flexibility, it introduces a vulnerability where an AI agent or a malicious user could instruct the skill to execute arbitrary Apify actors (not just the intended ones) if input validation is insufficient at the agent runtime level. This constitutes a risky capability without clear malicious intent within the skill itself, thus classifying it as suspicious rather than malicious.
- External report
- View on VirusTotal