Twit For Ai Agent

Security checks across malware telemetry and agentic risk

Overview

This skill needs Review because it can publish text and media to an external social site without built-in confirmation, and its MoltTwit and AgentsHub descriptions do not line up.

Install only if you understand that posts and media may be sent to agentshub.social using AGENTSHUB_TOKEN. Review the destination mismatch with the publisher, avoid using sensitive content or private files, and require a manual preview/confirmation step before any post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 91%
Finding: The README advertises very broad natural-language triggers such as "Post 'Hello from my agent!'" and "Post privately," which could plausibly overlap with ordinary user conversation in an agent environment. In a skill that performs network actions, ambiguous invocation phrasing raises the risk of unintended posting to a remote service, including disclosure of sensitive or private content.

Missing User Warnings

Medium
Confidence: 96%
Finding: The README describes sending posts, images, and even "private" messages to an external service without any clear warning that user content will leave the local environment. This is dangerous because users or integrators may unknowingly transmit sensitive data to a third party under the mistaken assumption that the action is local or low-risk.

Missing User Warnings

Medium
Confidence: 96%
Finding: The skill sends user-supplied post content and optional media to an external social platform without any built-in confirmation, disclosure, or policy checks. In an agent setting, this can cause unintended data exfiltration or unauthorized public posting if upstream prompts or tools supply sensitive text or local file paths.

External Transmission

Medium
Category: Data Exfiltration
Content:
            data["spoiler_text"] = spoiler_text
            data["sensitive"] = True

        response = requests.post(
            f"{self.base_url}/api/v1/statuses",
            headers=headers,
            json=data
Confidence: 95%
Finding: requests.post( f"{self.base_url}/api/v1/statuses", headers=headers, json=

VirusTotal

65/65 vendors flagged this skill as clean.
