Security audit

X.com 推文抓取工具

Security checks across malware telemetry and agentic risk

Overview

This X.com tweet scraper is mostly purpose-aligned, but it asks users to export live session cookies and stores authenticated scraping artifacts without enough safeguards.

Install only if you are comfortable exporting X.com session cookies to a local cookies.json file. Treat that file like a password, keep it out of repositories and shared logs, restrict access to it, delete it after use, and review generated JSON, screenshots, and debug HTML before sharing anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill clearly instructs users to read cookies from disk, write scraped data to local files, and make authenticated network requests, yet it declares no permissions. This creates a transparency and governance gap: users and platforms cannot accurately assess what the skill can access or exfiltrate, especially given its handling of live session cookies.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The documented behavior goes beyond the stated purpose by including browser-based scraping, hard-coded targeting, and saving screenshots or full HTML debug artifacts. This mismatch is dangerous because users may authorize a general tweet-scraper while the skill actually performs broader collection and persistence of potentially sensitive authenticated session content.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill tells users to export live X.com authentication cookies such as auth_token and ct0 without clearly warning that these are bearer-like session secrets. Anyone who obtains these values may be able to act as the user or access account-scoped content until expiry, making accidental disclosure or unsafe storage highly risky.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The document instructs users to handle live authentication material (`cookie`, `ct0`, bearer token, and auth-type headers) and even recommends saving raw API responses for debugging, but it does not include warnings or safeguards for protecting session secrets. In a scraping skill that relies on cookie-based auth, this omission increases the likelihood that users will expose reusable session tokens in files, logs, or shared debugging artifacts, enabling account/session compromise.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The script loads authentication cookies from a local JSON file and injects them into a browser context, which enables authenticated access to X.com. In a scraping skill, this is expected behavior, but it still creates credential-handling risk because the cookies are sensitive session secrets and the script provides no warning, validation, or safeguards around their storage and use.

Ssd 3

High

Confidence: 98% confidence
Finding: The instructions explicitly direct users to extract and reuse live session cookies from a logged-in browser session for authenticated scraping. This is dangerous because it operationalizes credential harvesting and reuse of session material outside the browser's intended protections, increasing the chance of account compromise, leakage, or unauthorized access if the cookie file is exposed.

Ssd 3

High

Confidence: 98% confidence
Finding: The Chinese section repeats the same live-cookie extraction and reuse workflow, extending the unsafe guidance to another audience and reinforcing insecure handling of session credentials. Repetition in multiple languages increases the likelihood of adoption and therefore the practical exposure of account-bearing secrets.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal