Skill v2.0.4
ClawScan security
X Smart Read · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 21, 2026, 12:54 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to do what it says (X/Twitter analytics), but its registry metadata omits the obvious credential requirements, and there are a few coherence points you should review before installing.
- Guidance: This package implements X/Twitter analytics and requires your X API credentials, but the skill metadata lists no required environment variables; treat that as a red flag. Before installing: (1) verify the source repository (the homepage is missing and the owner id is opaque); (2) inspect scripts/x_setup.py to confirm how keys are stored and that they are saved only to ~/.openclaw/skills-config/x-twitter/config.json with restrictive permissions; (3) do not run the documented 'curl | sh' installer for uv blindly: fetch the script, review it, and only then execute it; (4) if you allow an AI agent to invoke skills autonomously, consider restricting it from using --no-budget or --force (or remove those flags) to avoid unexpected API spend; (5) if you plan to install, populate credentials manually and confirm the contents of config.json, or keep credentials out of the environment if you prefer an alternate secret store. The overall functionality appears legitimate, but the metadata omission and the budget-override flags justify caution (suspicious) rather than outright blocking.
Review Dimensions
- Purpose & Capability (concern): The skill's purpose is X (Twitter) analytics, and the code and docs clearly require X API credentials (API Key/Secret, Access Token/Secret, Bearer Token) and store config under ~/.openclaw/skills-config/x-twitter/. However, the registry metadata declares no required environment variables or primary credential. That mismatch (declaring none while the scripts and SETUP.md expect and persist five credentials) is a material incoherence and should be resolved before trusting the package.
- Instruction Scope (note): SKILL.md and the scripts are narrowly scoped to calling the X API via tweepy, caching results to a local data directory, and printing summaries. The runtime instructions explicitly warn about costs and include budget guards. Two behavioral notes: (1) the skill provides --force and --no-budget flags that let a caller bypass budget blocking and warnings, so an agent could be instructed to spend freely; (2) setup imports credentials from ~/.openclaw/.env or prompts interactively and then writes a config.json, so secrets move onto disk. The scripts do not read unrelated system files or contact unknown external endpoints.
- Install Mechanism (note): There is no formal install spec in the registry (the package is instruction/code-only). The docs instruct users to install uv and show a curl | sh command for it (https://astral.sh/uv/install.sh). That installer invocation is documented, not executed automatically by the skill, and is a common but higher-risk pattern because it pulls and runs a remote install script. The packaged Python scripts use tweepy and run via 'uv run', which is consistent with the documented workflow.
- Credentials (concern): Although the registry lists no required env vars, SETUP.md and the scripts expect and document five X credentials (API Key & Secret, Access Token & Secret, Bearer Token) and a local config file. The skill stores those secrets under ~/.openclaw/skills-config/x-twitter/config.json (SETUP.md says with permissions 0600). Omitting these required secrets from the metadata is a material gap and misleading. The ability to disable budget checks (--no-budget, --force) also increases the risk of unexpected spend if an agent calls the skill autonomously.
- Persistence & Privilege (note): The skill persists data and credentials only under its own directory (~/.openclaw/skills-config/x-twitter/), and the docs state that config is saved with restrictive permissions. It does not request always:true and will not be force-included. This is expected for a personal analytics tool. The noteworthy point: stored credentials and cached tweets/mentions/bookmarks persist on disk; review config.json and the data/ files and ensure filesystem protections meet your security requirements.
