ClawHub

X (Twitter) API

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only agntdata X API skill with disclosed credential and network use, plus visible text-analysis/translation endpoints that warrant caution but do not show hidden or destructive behavior.

Install only if you are comfortable giving an agent access to an AGNTDATA_API_KEY and sending X queries, account identifiers, tweet IDs, use-case text, and any analysis or translation text to agntdata. Use a dedicated key when possible, monitor usage or credits, avoid sending secrets or sensitive personal data, and review the optional plugin separately before installing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is presented as an X/Twitter data retrieval integration, but it also exposes unrelated AI text-analysis and translation endpoints. This scope expansion increases the chance that agents send arbitrary user text or sensitive content to a third-party service under the guise of a social-data skill, violating least privilege and user expectations.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Translation endpoints are not justified by the stated purpose of retrieving X data and create an unexpected channel for exfiltrating arbitrary text to the vendor API. In an agent setting, this can cause sensitive prompts, messages, or documents to be transmitted off-platform without clear necessity or notice.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Standalone AI/NLP endpoints such as topic classification, named-entity recognition, and sentiment analysis exceed the declared scope of an X data access skill. Their presence broadens the attack surface and can normalize sending arbitrary user-supplied text to a remote API with no clear business need tied to the advertised capability.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs users to send an API key, use-case metadata, and potentially query/user data to an external service but does not provide an explicit privacy, retention, or data-sharing warning. This is dangerous because operators may unknowingly transmit sensitive identifiers, search terms, or business context to a third party without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal