X Followings Digest
Advisory: audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Note: X/Twitter session credentials in environment variables
Impact: Anyone or any program that can read these environment variables may be able to access the user's X/Twitter session.
Detail: The skill requires X/Twitter browser session credentials. That is expected for fetching a user's following feed, and the provided script does not print or transmit the cookies, but these cookies can grant broad account access.
Evidence:
  export AUTH_TOKEN="your_auth_token"
  export CT0="your_ct0"
  ...
  - `AUTH_TOKEN` & `CT0` from browser cookies
Recommendation: Use this only on a trusted machine with a trusted X client, avoid exposing environment variables in logs, and revoke or rotate the X session if you stop using the skill.
Note: Unpinned external `bird` binary
Impact: A malicious or unexpected `bird` binary could run with the same environment, including the X auth cookies.
Detail: The script depends on an external `bird` CLI taken from the user's PATH. The supplied artifacts do not include an install spec, version pin, or source for that binary.
Evidence:
  TWEETS=$(bird following --json -n "$LIMIT" 2>/dev/null)
Recommendation: Install `bird` only from a source you trust, verify which binary is on PATH, and consider isolating the environment used for this skill.
Note: Untrusted tweet text placed in the AI prompt
Impact: A tweet could try to steer the AI away from summarization or ask it to reveal data or use tools, depending on the surrounding agent environment.
Detail: Fetched tweet text is placed directly into the AI prompt. Since tweets are untrusted external content, they could contain instructions aimed at the agent.
Evidence:
  ### Raw Tweets
  {tweets_text}
Recommendation: Add a prompt rule that tweet contents are untrusted data and must not be followed as instructions; keep the digest task constrained to summarization.
Note: Advertised time range is not applied
Impact: A user requesting a 1-day or 3-day digest may receive the latest tweets regardless of their actual age.
Detail: The script computes a time threshold but does not use it in the `bird` command or in any later filtering, even though the skill advertises custom time ranges.
Evidence:
  SINCE_TIMESTAMP=$(date -d "${DAYS} days ago" +%s ...)
  TWEETS=$(bird following --json -n "$LIMIT" 2>/dev/null)
Recommendation: Clarify that date ranges are best-effort, or implement real timestamp filtering before sending tweets to the AI.
Note: Recommended scheduled execution
Impact: A cron job could keep using stored X credentials and fetching tweets on a schedule until the user removes it.
Detail: The skill recommends scheduled recurring execution. This is disclosed and purpose-aligned for a daily digest, but it creates persistence if the user configures it.
Evidence (the SKILL.md line is bilingual; the Chinese half is translated here):
  - Recommended: set up a scheduled task to run automatically every day - Recommended: set up cron job for daily auto-run
Recommendation: Only set up a cron job if you want ongoing operation, store credentials carefully, and document how to disable the scheduled task.
