ZeeLin X Hourly Growth

Security checks across malware telemetry and agentic risk

Overview

This is a coherent X growth-automation skill, but it can repeatedly post public replies from a logged-in account and can enable hourly background operation with broad browser control.

Install only if you intentionally want unattended X engagement from the logged-in OpenClaw Chrome profile. Start with --dry-run, verify the account and generated replies, lower caps if needed, prefer a dedicated X account/profile, and uninstall the LaunchAgent when hourly posting is no longer wanted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Tainted flow: 'PROFILE_DIR' from os.environ.get (line 23, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
pass

    # Restart only the OpenClaw profile Chrome so normal personal Chrome windows are left alone.
    subprocess.run(["pkill", "-f", str(PROFILE_DIR)], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    time.sleep(2)
    for name in ("SingletonLock", "SingletonSocket", "SingletonCookie"):
        try:
Confidence
83% confidence
Finding
subprocess.run(["pkill", "-f", str(PROFILE_DIR)], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no explicit permissions while its documented behavior clearly requires shell execution, network access, local browser/profile access, and state file reads/writes. This mismatch hides the true trust boundary from users and reviewers, increasing the chance the skill is invoked with more powerful capabilities than expected and making risky behavior harder to audit.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Restarting Chrome with remote debugging and `--remote-allow-origins=*` greatly broadens who may connect to the debugging interface compared with the stated purpose of posting X replies. A permissive CDP setup can expose the authenticated browser session, allowing page inspection, navigation, script execution, and potential account/session abuse if another local or reachable process connects.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The manifest description uses broad activation phrases such as growing followers, commenting on follow posts, and scheduling hourly engagement, which can cause the skill to trigger for loosely related requests. Because the skill performs public posting from a logged-in account, overbroad routing increases the risk of unintended autonomous actions and reputational harm.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description explains growth operations and replies but does not prominently warn that it will post public comments using the currently logged-in X account. In this context, lack of clear disclosure is dangerous because a user may invoke the skill without realizing it will perform external account actions, leading to unauthorized posting, spam policy violations, or reputational damage.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script creates and immediately installs a LaunchAgent that runs every hour without any interactive consent, dry-run, or explicit warning before persistence is enabled. In a skill that automates social-media actions through a logged-in browser, silently establishing recurring background execution increases the risk of unexpected account activity and makes user control and awareness materially weaker.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs autonomous posting to X and manipulates a logged-in Chrome profile without any per-run confirmation, dry-run default, or explicit user acknowledgment before sending content. In this skill context, that is more dangerous because it can use the operator's authenticated social account to perform mass engagement actions, creating account abuse, reputational damage, or platform-policy violations.

VirusTotal

66/66 vendors flagged this skill as clean.