Back to skill

Security audit

Twitter Operations

Security checks across malware telemetry and agentic risk

Overview

This is a broad Twitter/X automation skill that discloses powerful account actions, but it does not clearly bound approvals, scope, credential handling, or retained data.

Install only if you intend to let an agent operate a Twitter/X account. Use least-privilege OAuth credentials, avoid high-value or personal accounts, require manual approval for posting, replies, DMs, follows, blocks, moderation, and bulk actions, verify webhook destinations, and protect or periodically clear local credentials, logs, caches, archives, and exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes very broad terms such as "twitter," "tweet," "x.com," and "social media," which can cause the skill to activate during ordinary conversation or unrelated requests. Because this skill exposes posting, scraping, bulk follow/unfollow, and automation capabilities, accidental invocation increases the chance of unintended actions against external accounts or data sources.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest advertises sensitive capabilities including posting, auto-reply, scraping, bot behavior, mass follow/unfollow/block, multi-account management, and real-time monitoring, but provides no explicit user-facing warnings, approval requirements, or scope restrictions. In this context, the combination of account control, data collection, and bulk actions makes misuse or accidental abuse significantly more dangerous than a typical content-management skill.

Credential Access

High
Category
Privilege Escalation
Content
"Pillow>=10.0.0"
  ],
  "configuration": {
    "credentials_file": "~/.openclaw/twitter_credentials.json",
    "cache_dir": "~/.openclaw/cache/twitter",
    "log_file": "~/.openclaw/logs/twitter.log",
    "archive_dir": "~/.openclaw/archives/twitter"
Confidence
78% confidence
Finding
credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.