fapi.uk Twitter All-in-One API

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Twitter/X automation helper, but it asks for powerful account credentials and enables account-changing actions without clear confirmation controls.

Review carefully before installing. Use a low-risk or dedicated Twitter/X account, do not paste real tokens into chat, store credentials only through a secure config/secret mechanism, and require explicit confirmation before any post, reply, follow, unfollow, block, unlock, or paid credit-consuming action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 84%
Finding
The skill is described as acting on broad natural-language requests with no clear trigger boundaries, exclusions, or confirmation requirements. In a skill that can post tweets, follow/unfollow, block, and interact with authenticated accounts, ambiguous activation increases the risk of unintended account-affecting actions from casual or misinterpreted prompts.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises write-capable actions such as posting, retweeting, following, blocking, and DM-related uploads without clearly warning that these can change a user's account state and may be hard or impossible to fully undo. In the context of authenticated Twitter account access, missing warnings and confirmation expectations materially raise the chance of harmful or accidental actions.

Missing User Warnings

High
Confidence: 99%
Finding
The README explicitly tells users they can paste their apiKey and auth_token directly into chat, creating a direct natural-language path for exposing secrets in a conversational channel. Chat transcripts may be logged, retained, shared, or surfaced to other components, making credential compromise and account takeover significantly more likely.

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly instructs users to paste sensitive credentials such as apiKey and auth_token directly into chat. Secrets shared in conversational channels may be logged, retained, exposed to other tools/components, or accidentally disclosed in future context, creating a real credential-handling vulnerability.

Ssd 3

High
Confidence: 99%
Finding
The skill documentation encourages collection of API credentials through natural-language chat, which is a classic sensitive-data exposure pattern. Because the same skill performs authenticated Twitter operations, leaked tokens could be used to impersonate the user, post content, access protected operations, or abuse paid API balances.

Ssd 3

High
Confidence: 99%
Finding
The skill creates a natural-language workflow for exposing API credentials in chat, including high-value authentication material like auth_token. In an agent setting, this is especially dangerous because chat content may be persisted, reused as context, surfaced to plugins, or visible to operators, making credential compromise and account abuse plausible.

VirusTotal

66/66 vendors flagged this skill as clean.
