ClawHub

Twitter/X舆论采集

Security checks across malware telemetry and agentic risk

Overview

The skill mostly performs read-only Twitter/X lookups, but its runtime instructions include unrelated Douyin/Xiaohongshu API fallback guidance that makes its true scope unclear.

Review this skill before installing because it needs a MaxHub API key and can collect Twitter/X social data. The package has no executable installer or persistence, and VirusTotal/static scans were clean, but the author should remove or clearly isolate the unrelated Douyin/Xiaohongshu fallback instructions and add clear privacy and data-use limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill is presented as a Twitter/X-only assistant, but its error-handling and downgrade logic references unrelated Douyin/Xiaohongshu endpoints. This creates scope confusion and can cause the agent to invoke unintended APIs or mishandle user requests against the wrong platform, undermining least-privilege and making security review harder.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The security declaration asserts that all endpoints are legitimate read-only APIs for this skill, but later sections instruct use of unrelated platform endpoints. That inconsistency is dangerous because it can mislead operators and downstream tooling into over-trusting the skill's scope and safety claims.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The document exposes authenticated access to tweet details, profiles, followers, followings, comments, and related social-graph data using a bearer token, but it provides no guidance on lawful use, privacy expectations, retention, or handling of scraped personal data. In a skill intended for agent use, that omission increases the chance of bulk collection or secondary use of personal data without appropriate safeguards or user awareness.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal