Back to skill

Security audit

xAI Plus

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it should be reviewed because it can silently reuse xAI-related API keys from other skill config entries and under-explains what user data is sent to xAI.

Install only if you intend to send relevant prompts, images, URLs, account handles, and X content to xAI. Use a dedicated, revocable xAI API key for this skill instead of relying on shared or fallback credentials, and avoid using the social-media guidance to game platform ranking or evade enforcement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
This section goes beyond neutral analysis and provides concrete engagement-optimization tactics for manipulating platform ranking behavior, including maximizing reply loops and avoiding penalties. In a skill meant for analysis of X content, such guidance can enable spammy growth tactics or coordinated engagement gaming, which increases abuse risk and may violate platform rules.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The documentation explicitly supports using voice analysis output to inform writing style, which materially enables imitation of another account's communication patterns. That creates misuse potential for impersonation, deceptive influence, or synthetic content that mimics real users, especially when combined with automated generation tools.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script reads secrets and settings from ~/.clawdbot/clawdbot.json, including keys for multiple other skill entries, rather than limiting itself to its own explicitly provided configuration. That creates cross-skill secret access and weakens isolation: a user invoking this skill may unknowingly allow it to consume credentials intended for another tool, which can lead to unintended data access or unauthorized API usage.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script reads credentials and model settings not only from its own xai-plus entry but also from unrelated skill entries such as xai, grok-search, and search-x in the user's global Clawdbot config. This creates credential and configuration confusion, allowing one skill to silently consume another skill's secrets or settings, which breaks isolation and can cause unintended cross-skill data access or billing abuse.

Context-Inappropriate Capability

Low
Confidence
88% confidence
Finding
The script pulls XAI credentials not only from the expected environment variable but also from a local Clawdbot config and several other skill-specific entries. That broad credential discovery increases the blast radius of the utility: a simple model-listing command can silently consume secrets intended for other skills, violating least privilege and making accidental credential use more likely.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list includes very broad terms such as "grok," "xai," and "search x," which can match ordinary user requests and cause this skill to activate when the user did not explicitly intend to send data to xAI services. In this skill's context, unintended activation matters because prompts, searches, and images may be transmitted to an external provider, creating privacy and routing risks rather than direct code-execution risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes search, chat, and image analysis features but does not clearly warn that user prompts, images, handles, URLs, and search queries are sent to xAI's external API. This can lead to unintentional disclosure of sensitive content, especially for vision inputs or research prompts that may contain confidential data.

Missing User Warnings

Medium
Confidence
73% confidence
Finding
The prompt instructs the system to fetch and analyze a user's recent posts without any notice about data sourcing, retention, or privacy considerations. Even if the data is public, users should be informed that external account content will be collected and processed, because this can create compliance and expectation gaps.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
This section instructs retrieval and analysis of an external X post by URL but does not warn users that third-party content will be fetched and processed. The omission is not directly exploitative, but it weakens transparency and can lead to privacy, policy, or consent issues in downstream use.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The section provides operational guidance for posting cadence, reply strategy, and reach optimization on X in a way that can facilitate spam-like growth tactics or policy-violating engagement behavior, without clearly warning about platform rules, automation limits, or account-enforcement risks. In a skill intended for X/Twitter research and content analysis, this shifts from neutral search guidance into actionable engagement optimization that could be misused to evade anti-spam safeguards or encourage risky account behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
User-supplied post text, queries, handles, and URLs are embedded into prompts and sent to the external xAI API without any user-facing disclosure at the point of use. In a research/analysis skill this matters because inputs may contain unpublished drafts, private business content, or sensitive identifiers that the user may not realize are leaving the local environment.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/analyze.mjs:36

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/chat.mjs:34

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/grok_search.mjs:44

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/analyze.mjs:113

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/chat.mjs:131

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/grok_search.mjs:156

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/models.mjs:53