ClawHub

BNBot

Security checks across malware telemetry and agentic risk

Overview

BNBot is a disclosed Twitter/X automation skill, but it gives an agent broad control over a logged-in social account without enough documented safeguards.

Install only if you are comfortable letting an agent operate a logged-in X/Twitter session. Use a dedicated browser profile or test account, verify the npm package and Chrome extension permissions, require explicit approval before any post, delete, follow, unfollow, retweet, reply, publish, or scraping action, avoid passing sensitive local files, and stop the local daemon when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The README exposes account-affecting and destructive actions such as posting, deleting tweets, following/unfollowing, and retweeting without any warning, confirmation guidance, or safe-use constraints. In an agent skill context, this increases the risk of unintended or overbroad automation causing account compromise, reputational damage, or irreversible user actions.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README states that scraping and media inputs may use local files or URLs and that files are converted to base64 before sending, but it does not explain where data is sent, what is retained, or the privacy implications. In an agent-driven environment, this can lead users to unknowingly transmit sensitive local media or scraped content to a daemon/extension without informed consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill exposes destructive account actions such as delete-tweet, unfollow-user, and unbookmark-tweet without any warning, confirmation guidance, or recommendation to obtain explicit user consent before execution. In an agent setting, this increases the risk of accidental or unauthorized irreversible actions against a user's social media account.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The scraping and content-fetching commands can collect timeline data, profile data, bookmarks, and external article/video content, but the skill provides no privacy notice, data-handling guidance, or warning about collecting third-party or user-sensitive information. In an automated agent context, this omission can lead to over-collection, transmission, or retention of personal data without informed user awareness.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal