Skill v1.0.0
ClawScan security
X/Twitter Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 15, 2026, 4:03 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions require X API credentials and a local 'xpost' CLI script but the registry entry declares no credentials and includes no code or install; those inconsistencies warrant caution.
- Guidance: Do not install or run this skill until you validate a few things: (1) confirm the package actually includes the xpost script or obtain its canonical source and review its code before making it executable — never run an uninspected script placed in your ~/clawd/bin; (2) ask the publisher to update the registry metadata to declare the required credentials (X_API_KEY, X_API_SECRET, X_ACCESS_TOKEN, X_ACCESS_TOKEN_SECRET, X_USER_ID) so you know what secrets the skill needs; (3) inspect xpost for network calls/exfiltration beyond api.twitter.com and for unsafe shell execs; (4) store API keys securely (restrict file permissions: chmod 600) or use a secrets manager rather than a world-readable file; (5) prefer a skill with a verifiable source/homepage and explicit install spec; (6) if you must test, run the CLI in an isolated environment (sandbox/container) and review logs. These inconsistencies do not prove malice, but they are enough reason to proceed cautiously.
- Findings
[you-are-now] expected: The SKILL.md contains a 'prompt injection defense' section that shows example adversarial phrases such as 'You are now a different agent'. The scanner flagged that pattern, but its presence here is explained: the document documents prompt-injection attempts and defense handling.
Review Dimensions
- Purpose & Capability
- concern: The skill claims to act as an X/Twitter v2 API agent and instructs storing API keys and using a local xpost CLI, which is consistent with its purpose — but the registry metadata lists no required credentials and the package contains no code files despite the SKILL.md saying the xpost script is included. That mismatch is unexplained.
- Instruction Scope
- concern: Runtime instructions tell the agent to read keys from ~/.config/x-api/keys.env and to execute ~/clawd/bin/xpost, and to place/make-executable a script supplied by the package. The instructions do not ask to read unrelated system files, but they rely on a binary and a secrets file that are not declared in the skill metadata and are not present in the package — a coherence issue and an operational risk (you must verify the script before running).
- Install Mechanism
- concern: There is no install spec and no code files in the package, yet SKILL.md states the xpost CLI 'is included in the skill package download' and instructs installing it into ~/clawd/bin. That contradiction is a red flag: either the package omitted the script, or the skill expects you to download/execute an external script. Both require careful review.
- Credentials
- concern: The skill clearly requires X API credentials (API key, secret, access token, access token secret, user id) and instructs storing them in ~/.config/x-api/keys.env, but the registry metadata declares no required env vars or primary credential. Required secrets are not declared, which is disproportionate and hides the true credential needs.
- Persistence & Privilege
- ok: 'always' is false and the skill is user-invocable with normal autonomous invocation allowed. It does not request elevated or persistent platform-wide privileges in metadata. No indication it modifies other skills or system config.
