Twitter To Binance Square

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about mirroring Twitter/X content to Binance Square, but it can continuously publish public posts using the user’s account credentials without a script-enforced approval step.

Install only if you intentionally want unattended Twitter/X-to-Binance Square publishing. Start with --dry-run and --once, use narrow accounts or keywords, keep max_posts_per_run low, use revocable API keys, and monitor or remove any background or cron job you create.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence: 82%
Finding
The README instructs users to place long-lived API credentials in environment variables and immediately run an automated posting workflow, but it does not warn about account takeover, unauthorized posting, data leakage, or the consequences of using third-party Twitter-access services. In this skill’s context, those keys directly enable content retrieval and posting to a public Binance account, so mishandling them can lead to spam, reputational damage, or abuse of the user’s publishing account.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrase 'auto post from twitter' is broad enough to match ordinary user requests that may not intend to start an automated cross-posting pipeline. Because this skill performs recurring external posting using stored credentials, accidental invocation could cause unintended publication of content and ongoing automated actions.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
Defaulting translated reposts to Chinese without explicit opt-in can alter the meaning of third-party content before publication and may cause users to post transformed material they did not review. In an auto-posting skill, silent content transformation increases the risk of reputational harm, policy violations, and unintended dissemination in the wrong language.

Missing User Warnings

Medium
Confidence: 86%
Finding
This skill automatically republishes third-party Twitter/X content to Binance Square without an approval gate, confirmation prompt, or strong runtime warning. In this context, autonomous cross-platform posting can amplify malicious, fraudulent, copyrighted, or account-compromising content from monitored feeds, causing reputational damage or policy violations at scale.

VirusTotal

66/66 vendors flagged this skill as clean.