Twinfold

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned for Twinfold, but it deserves review because it can automatically publish AI-generated content to connected public social accounts without clear confirmation safeguards.

Install only if you intend to let an agent operate your Twinfold account. Before any autoPublish, publishNow, schedulePost, runAutopilot, approvePost, delete, brand, or knowledge-changing action, require the agent to show the exact content, platforms, accounts, timing, and credit cost, and to get explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium, 90% confidence
Finding
The trigger list is unusually broad and includes generic terms like "post," "content," and platform names, which can cause the skill to activate in contexts where the user did not specifically intend to interact with Twinfold. Because this skill can create, schedule, and publish to connected social accounts, unintended invocation materially increases the risk of unauthorized or accidental actions.

Missing User Warnings

Medium, 96% confidence
Finding
The documentation promotes one-call flows such as auto-publish and autopilot without clearly warning that these actions can immediately affect real, connected social media accounts. In this context, the absence of prominent warnings and explicit confirmation steps is dangerous because an agent may proceed directly from user intent to irreversible external actions like publishing, scheduling, or approving content.

Missing User Warnings

Medium, 87% confidence
Finding
The documented workflow includes an immediate publish action to external social media accounts without explicitly requiring a confirmation or warning step at the point of execution. In an agent skill context, this can cause unintended real-world actions such as posting public content under the user's identity if an agent follows the workflow literally.

Missing User Warnings

High, 96% confidence
Finding
The 'Full Autonomous Pipeline' explicitly directs the agent to select accounts, choose a trend, create content, and publish automatically with autoPublish enabled, without any user review or approval checkpoint. In the context of a skill that can act on connected social accounts, this materially increases the risk of unauthorized or accidental public posting, reputational harm, and misuse of paid credits.

VirusTotal

64/64 vendors flagged this skill as clean.
