ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

X Webmcp

v1.0.1

Connect to X and Grok through the built-in local-mcp X adapter and one fixed UXC link. Use when the user wants to read timelines, inspect tweets, post on X,...

0· 87·1 current·1 all-time
by@jolestar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: this skill drives X and Grok via a local webmcp adapter. However, the registry metadata lists no required binaries or env vars while SKILL.md explicitly requires 'uxc', 'npx', network access to https://x.com, and Playwright browser installation. The skill also assumes a specific profile path (~/.uxc/webmcp-profile/x) and depends on scripts from a sibling 'webmcp-bridge' skill via a relative path. The missing declared prerequisites and cross-skill repo dependency are inconsistent with the minimal registry metadata.
Instruction Scope
SKILL.md stays on-topic: it tells the agent to verify the x-webmcp-cli presence, check help, inspect auth state, and run read/write commands (with dryRun recommended). It references the local profile (~/.uxc/webmcp-profile/x) and requires absolute local paths for uploads, which is expected for a browser-driven upload tool. There are no instructions to exfiltrate data to unexpected external endpoints.
Install Mechanism
No install spec (instruction-only) and included scripts only call into other local scripts via relative paths; there is no remote download or archive extraction. This is low install risk, but the script dependency on a repository layout (skills/webmcp-bridge) means the skill may be non-functional or rely on externally provided code if that sibling isn't present.
Credentials
The skill declares no required credentials, which is correct for a tool that uses an authenticated local browser profile, but the SKILL.md requires access to the user's X browser profile (~/.uxc/webmcp-profile/x) and local filesystem paths for uploads. Access to that profile can expose session cookies/tokens. Also the runtime prerequisites (uxc, npx, Playwright) are not listed in the registry metadata—this is an omission that should be corrected before trust/installation.
Persistence & Privilege
always:false and user-invocable:true. agents/openai.yaml sets allow_implicit_invocation:true (normal for skills so the agent may call it autonomously). Combined with the skill's access to a local authenticated browser profile, autonomous invocation increases sensitive-asset access surface; users should ensure the profile is isolated and understand what local data the tool will touch.
What to consider before installing
This skill appears to do what it says (drive X via a local webmcp adapter), but there are a few things to check before installing or enabling it: - Verify prerequisites yourself: SKILL.md requires 'uxc' and 'npx' on PATH and Playwright browsers installed (npx playwright install). The registry metadata does not list these—ensure they are present and trustworthy. - Confirm the x-webmcp-cli binary origin: the skill runs that CLI and delegates to webmcp-bridge scripts. Make sure x-webmcp-cli and the referenced webmcp-bridge code come from a source you trust. - Protect your session data: the skill uses a managed profile path (~/.uxc/webmcp-profile/x). Use a dedicated/isolated profile for this skill (do not point it at your primary browser profile) because the tool can access cookies, tokens, and local files used for uploads. - Review the repository layout if installing from a package: ensure the referenced sibling scripts (skills/webmcp-bridge/...) exist locally; otherwise the ensure-links.sh wrapper may fail or call unexpected code. - Be cautious with autonomous invocation: allow_implicit_invocation is enabled; if you permit the agent to call skills autonomously, it could access the local profile without an interactive prompt. If you want stricter control, disable autonomous use or require explicit user confirmation for write actions. - If you need higher assurance, run the included validate.sh locally (it needs 'rg' / ripgrep) and inspect x-webmcp-cli and webmcp-bridge code before granting it any privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ah17nxxjh2hmwe469733ba583jcfr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments