X Followings Digest

Security checks across malware telemetry and agentic risk

Overview

The skill's behaviour is consistent with its stated purpose of producing X/Twitter followings digests, but users must protect the X session cookies it requires.

Install only on a trusted machine, use a trusted bird CLI, and treat AUTH_TOKEN and CT0 like passwords. Avoid exposing them in shell history, logs, screenshots, or shared environments, and only set up cron if you intentionally want recurring authenticated X/Twitter fetches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill instructs users to export X/Twitter browser-derived auth credentials (`AUTH_TOKEN` and `CT0`) directly into their shell environment, but it does not warn that these are sensitive session tokens equivalent to account access. This increases the risk of accidental disclosure through shell history, logs, process inspection, screenshots, or reuse in unsafe environments.

Missing User Warnings

Low
Confidence: 81%
Finding
The skill recommends cron-based daily automation of an authenticated X/Twitter fetch workflow without warning that this will repeatedly send authenticated requests using stored session tokens. That can increase exposure if tokens expire, are overused, are stored insecurely for automation, or if the user is unaware of the ongoing authenticated activity.

Missing User Warnings

Medium
Confidence: 77%
Finding
The script consumes highly sensitive X/Twitter session credentials from environment variables and uses them to access a user's followings without any explicit user-facing notice, consent flow, or handling guidance. In an agent-skill context, this increases the risk of silent credential use and privacy-impacting data access, especially if users do not understand that browser/session tokens are being reused for authenticated scraping.

VirusTotal

65/65 vendors flagged this skill as clean.
