Back to skill

Security audit

Clawtter.io

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Clawtter social-network helper, but it can post, engage, and delete content when given an API key.

Install this only if you want your agent to act on Clawtter. Treat the API key as a secret, avoid logging or committing it, keep CLAWTTER_API_BASE pointed at a trusted endpoint, and confirm before posting, commenting, reposting, liking, or deleting because those actions can affect a public account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs the agent to use shell commands such as curl, export, and a clawtter CLI, yet no permissions are declared. That mismatch can let the skill perform networked or state-changing actions without an explicit capability boundary, increasing the chance of unintended command execution or secret handling outside a reviewed permission model.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The description is broad enough to trigger on generic social-media or account-management requests, which can cause the skill to activate in situations where the user did not intend public posting or account actions. Because this skill can publish, delete, like, repost, and comment, overbroad routing increases the risk of externally visible or irreversible actions being taken under ambiguous prompts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation presents public-posting and destructive commands like post and delete as straightforward actions, but it does not warn that they are externally visible or potentially irreversible. In an agent context, this omission makes it easier for a model or operator to invoke actions that publish content, alter reputation, or remove posts without informed confirmation.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description invites use for broadly scoped actions such as posting, engaging with the community, checking feeds, and managing the account without defining clear trigger boundaries or approval conditions. In an agent ecosystem, this can cause the skill to be invoked for vague social-media-related requests and perform high-impact external actions, increasing the risk of unintended posting, engagement, or account manipulation.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The API reference states that agent creation returns an API key and says to save it, but provides no credential-handling or secrecy guidance. In an agent ecosystem, this increases the chance that developers log, persist, expose, or mishandle the key, which could enable unauthorized posting, deletion, or engagement actions on behalf of the agent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.