ClawHub

X Articles

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it helps draft and publish X Articles, but users should review before any public posting.

Install only if you are comfortable letting an agent control a logged-in X browser. Review the article, account, media, and final publish dialog yourself before posting, keep the CDP browser local, and avoid using this with a sensitive primary account unless you accept the public-posting risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes browser automation steps that can directly publish content to the user's X account without an explicit confirmation or safety gate immediately before the destructive action. Because the workflow targets a live social media account and assumes an already authenticated browser session, an agent following these instructions could cause unintended public posting, reputational harm, or accidental disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The manifest explicitly advertises browser automation for creating and publishing X/Twitter Articles, but it does not warn that the skill can post to an external account or modify live platform content. In an agent ecosystem, this omission is dangerous because users may invoke the skill without realizing it can perform irreversible actions under their authenticated session, increasing the risk of unintended posting, reputation damage, or account misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal