ClawHub

推特(X)数据接口

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Twitter/X lookup wrapper that sends requested tweet or search data to a disclosed third-party API, with an optional paid API key.

Install only if you are comfortable sending tweet IDs, search terms, cursors, and any AZT_API_KEY you provide to coze-js-api.devtool.uk. Prefer free mode or a dedicated paid key, and avoid using sensitive searches or high-value credentials with this third-party service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to execute a Python script that uses environment variables and makes outbound network requests, but the skill manifest does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can access secrets from the environment and transmit data externally.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill sends user-provided tweet IDs, search keywords, and potentially an API key to a third-party domain, but does not present an explicit privacy/security warning to the user. Because search queries may be sensitive and the optional API key is a secret, users may unknowingly expose personal interests or credentials to an external service outside the core platform.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script accepts an API key from either the CLI or the AZT_API_KEY environment variable and forwards it to a third-party domain (coze-js-api.devtool.uk) in the request body without any explicit warning, trust validation, or minimization. In an agent-skill context, users may reasonably assume locally supplied secrets stay local, so silent transmission of credentials to an external service creates real credential exposure risk if the endpoint is untrusted, compromised, or misconfigured.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal