ClawHub

Twitter/X API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Twitter/X API helper that can act on your account, so it is usable but should be run only with deliberate approval for posts and DMs.

Install only if you want an agent to help manage Twitter/X through your account. Use the least-privileged tokens possible, prefer environment variables or a secret manager over a plaintext credentials file, and require explicit review of the exact tweet, reply, media, recipient, or DM text before allowing write commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly relies on environment-based secrets and credential files, but the metadata does not declare corresponding permissions or capability requirements. This creates a transparency and governance gap: an agent may access sensitive credentials without an explicit permission boundary, making misuse or accidental overreach harder to detect and control.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This skill can post tweets, read DMs, and send DMs on the user's behalf, all of which are privacy-sensitive or externally side-effecting actions, yet the description does not prominently warn about those risks. Without explicit user-facing warnings and confirmation requirements, users may invoke the skill without understanding that private messages may be accessed or public content may be published.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The DM-reading command retrieves and prints private direct message contents and sender identifiers directly to stdout, which can expose sensitive personal or business communications to the invoking agent, logs, terminals, or downstream tooling. In an agent skill context, this is more dangerous because private messages may be accessed and surfaced without a strong privacy warning, scoped consent, or output minimization.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The DM-sending command performs an outbound private action immediately based on arguments, without a confirmation step or explicit disclosure that a private message will be sent to a real recipient. In an agent environment, this increases the risk of unintended messaging, privacy violations, social engineering, or reputational harm if the tool is triggered with mistaken or adversarial input.

Session Persistence

Medium
Category
Rogue Agent
Content
export TWITTER_BEARER_TOKEN="your-bearer-token"  # For read-only operations
```

Or create credentials file:

```bash
mkdir -p ~/.config/twitter
Confidence
91% confidence
Finding
create credentials file: ```bash mkdir -p ~/.config/twitter cat > ~/.config/twitter/credentials.json << 'EOF' { "api_key": "your-api-key", "api_secret": "your-api-secret", "access_token": "your

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal