ClawHub

XRepl AI - Tweet Generator

Security checks across malware telemetry and agentic risk

Overview

This skill openly connects to XReply to draft, schedule, and publish X/Twitter posts, so the main risks are expected account-token and public-posting risks rather than hidden behavior.

Install only if you trust XReplyAI and the external @xreplyai/mcp npm package. Store XREPLY_TOKEN only in a secret/config mechanism, do not paste it into chats or logs, rotate it if exposed, and review the exact post text, account, timing, and reversibility before any publish, schedule, delete, or auto-retweet action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents immediate publishing and scheduling to X/Twitter but does not include an explicit warning that these actions cause real external side effects on the user's connected social account. In an agentic context, that increases the risk of accidental posting, reputational harm, or unintended scheduled content if a user or downstream agent treats the examples as low-risk content generation rather than live account actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The authentication section says an `XREPLY_TOKEN` is automatically injected but does not warn that this JWT provides account-level access to tweet generation, queue management, billing visibility, and publishing capabilities. Without explicit handling guidance, users may underestimate the sensitivity of the token, increasing the chance of leakage, reuse in insecure contexts, or accidental exposure through logs and prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal