Twitter/X Reader

Security checks across malware telemetry and agentic risk

Overview

This is a coherent tweet-reading skill that makes disclosed third-party network requests and shows no hidden persistence, credential access, destructive behavior, or account mutation.

Install this if you are comfortable with shell scripts using curl and jq to fetch public tweet data through FxTwitter and, on fallback, public Nitter instances. Avoid using it for tweet lookups where the fact that you requested a specific tweet should remain private from those third-party services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers (Medium, 87% confidence)

The README indicates the skill will automatically activate for any shared tweet URL in ordinary conversation, which makes invocation criteria overly broad. In an agent environment, this can cause unintended third-party network requests and unexpected disclosure of user-provided URLs or surrounding context when a user did not explicitly intend to use this skill.

Missing User Warnings (Medium, 93% confidence)

The README describes sending requests to FxTwitter and Nitter but frames the skill as 'security first' and 'zero data collection' without clearly warning that tweet URLs and request metadata are transmitted to external services. This can mislead users about privacy boundaries and cause unintentional disclosure of browsing targets, IP address, headers, or timing metadata to third parties.

Vague Triggers (Medium, 83% confidence)

The invocation guidance is somewhat overbroad because it includes generic requests like 'Summarize this Twitter thread' and 'Can you read this tweet for me?' without clearly requiring a Twitter/X URL or other strong confirmation that this skill is the right one. In an agentic environment, broad triggers can cause the skill to activate in the wrong context and initiate unnecessary external requests or mishandle unrelated user input.

Missing User Warnings (Medium, 94% confidence)

The script sends user-derived tweet lookup requests to a hardcoded list of third-party Nitter instances without explicit consent or a prominent warning at execution time. This can disclose the requested tweet URL, timing, and requester IP/user-agent metadata to untrusted external services, which is a real privacy and data-handling risk even if the functionality is intentionally designed as a fallback.

VirusTotal

58/58 vendors flagged this skill as clean.