X-CLI Toolkit

Security checks across malware telemetry and agentic risk

Overview

This skill transparently automates X/Twitter, but it asks for account credentials and gives an agent broad live control over posting, DMs, deletion, follows, blocks, lists, and cookies.

Install only if you are comfortable giving this skill broad control over an X/Twitter account. Prefer a dedicated account, do not paste your password into chat, avoid command-line password flags, protect config.json and cookies.json, and require explicit approval before any post, DM, delete, follow, block, list, poll, upload, or scheduled action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

High
99% confidence
Finding
The README explicitly tells users to provide their X username and password directly to an AI agent so the agent can install, configure, and authenticate automatically. This is dangerous because it encourages disclosure of primary account credentials to an automated system that may log, persist, transmit, or misuse them, and the skill is specifically designed to perform real account actions on the user's behalf.

Missing User Warnings

High
97% confidence
Finding
The authentication section recommends storing X username, email, and password in config.json without warning about plaintext secret storage. This creates an obvious risk of credential theft through source control leaks, backups, filesystem access, agent memory, or accidental sharing, especially in AI-agent environments where config files may be read automatically.

Missing User Warnings

Medium
88% confidence
Finding
The README documents commands that perform real account-affecting actions such as posting, deleting, following, blocking, muting, and sending DMs, but it does not clearly warn that these are live operations against the user's account. In an agentic context, this raises the risk of unintended or irreversible actions if a user or agent treats examples as harmless demonstrations.

Missing User Warnings

Medium
92% confidence
Finding
The skill documents many state-changing and potentially destructive actions such as delete, block, follow/unfollow, retweet, and mute/unmute without a broad warning that these actions affect the user's real X account and should require explicit confirmation. In an agent context, this raises the risk of unintended account modifications, reputation damage, or irreversible social actions if the agent executes commands from ambiguous prompts or prompt-injected content.

Missing User Warnings

Medium
94% confidence
Finding
The DM commands enable reading private inbox content and sending private messages, but the documentation does not warn that these actions expose private communications and should require explicit confirmation before access or transmission. In an agent setting, this is especially sensitive because private messages can contain confidential information, and sending DMs can create privacy, legal, or impersonation risks.

Missing User Warnings

Medium
90% confidence
Finding
The skill highlights cookie-based authentication and use of config-stored credentials but does not include clear handling guidance for these highly sensitive secrets. This is dangerous because session cookies and credentials can grant direct account access, and agents or users may store, expose, or transmit them insecurely, especially when proxy support is also mentioned.

Missing User Warnings

Medium
95% confidence
Finding
The CLI explicitly supports `login --username USER --password PASS`, which exposes credentials via shell history, process listings, audit logs, and terminal recording tools. In a credential-handling auth utility for X/Twitter, this materially increases the chance of account compromise if the host is multi-user, monitored, or logs command invocations.

Ssd 3

High
99% confidence
Finding
The README instructs users to hand account credentials directly to an AI agent for automated setup and authentication. In the context of a skill intended for agent execution, this materially increases the likelihood of credential compromise, unauthorized posting or messaging, and persistent account takeover via captured cookies or reused passwords.

VirusTotal

66/66 vendors flagged this skill as clean.
