Security audit

X Thread Reader

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it reads public X/Twitter threads through twitter-thread.com and can save a PDF, with some privacy and dependency caveats.

Install only if you are comfortable sending the tweet or thread ID to twitter-thread.com. Review the script if you use PDF mode, because it depends on local browser tools and can write or overwrite a PDF at the chosen path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95%
Finding
The skill explicitly instructs the agent to run shell commands such as curl, python3, and headless Chrome, but its metadata declares no corresponding execution permission. Undeclared execution capability weakens user and platform visibility into what the skill can do, increasing the risk of unintended command execution or policy bypass during invocation.

Vague Triggers

Medium
Confidence
84%
Finding
The trigger language includes broad phrases like "read this tweet" and handling X/Twitter URLs dropped in chat, which can activate on ordinary conversational content rather than clear user intent to use an external-fetching skill. This can lead to surprising third-party requests or shell/browser actions without sufficiently explicit consent.
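The two findings above (undeclared shell execution and overly broad triggers) can both be checked mechanically from a skill's SKILL.md. The following linter is an added example written for this page; it is not SkillSpector's code and not part of the X Thread Reader skill. It assumes a frontmatter layout with `description` and `allowed-tools` keys and a `Bash` token for shell execution, and the SKILL.md it scans is a constructed stand-in for the audited skill (the `curl` and `google-chrome` lines use placeholder variables, not the skill's real endpoints).

```python
"""Lint a SKILL.md for underdeclared shell execution and broad trigger phrases.

Example code added for this audit page; not SkillSpector's or the skill's code.
"""
import re
from dataclasses import dataclass

# Assumption: the registry declares tools in frontmatter under `allowed-tools`
# and shell execution with the token "Bash". Adjust for your own format.
EXEC_DECLARATION = "Bash"

# Executables whose presence in the instructions implies shell execution.
SHELL_EXECUTABLES = {
    "curl", "wget", "python3", "python", "node", "bash", "sh",
    "google-chrome", "chromium", "chromium-browser", "chrome",
}

# Heuristic (our assumption, not the auditor's rule): a quoted trigger phrase
# is explicit enough only if it names the external source or the output.
INTENT_ANCHORS = {"thread", "twitter-thread.com", "pdf", "fetch", "unroll"}

# Constructed SKILL.md standing in for the audited skill (not the real file).
SAMPLE_SKILL_MD = """\
---
name: x-thread-reader
description: Reads public X/Twitter threads through twitter-thread.com. Use when the user says "read this tweet" or drops an X/Twitter URL in chat.
allowed-tools: Read, Write
---
# X Thread Reader

1. Extract the tweet ID from the URL.
2. Fetch the thread:

    curl -s "$THREAD_URL"

3. PDF mode: render with headless Chrome, then post-process:

    google-chrome --headless --print-to-pdf="$OUT" "$THREAD_URL"
    python3 fix_pdf.py "$OUT"
"""


@dataclass
class LintResult:
    declared_tools: list
    executables_found: dict   # executable -> first body line that uses it
    undeclared_exec: list     # executables used while EXEC_DECLARATION is absent
    broad_triggers: list      # quoted trigger phrases with no intent anchor
    passive_url_trigger: bool # fires merely because a URL was pasted


def parse_frontmatter(text):
    """Split simple `key: value` frontmatter from the body. Returns (dict, body)."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            meta[key.strip()] = value.strip()
    return meta, m.group(2)


def find_executables(body):
    """Map each known executable named in the body to the first line using it."""
    found = {}
    for line in body.splitlines():
        for tok in re.findall(r"[A-Za-z0-9_.-]+", line):
            if tok in SHELL_EXECUTABLES and tok not in found:
                found[tok] = line.strip()
    return found


def lint_skill(text):
    meta, body = parse_frontmatter(text)
    declared = [t.strip() for t in meta.get("allowed-tools", "").split(",") if t.strip()]
    found = find_executables(body)
    # Finding 1: the body runs shell commands but no execution tool is declared.
    undeclared = sorted(found) if EXEC_DECLARATION not in declared else []
    desc = meta.get("description", "")
    # Finding 2: quoted trigger phrases that read like ordinary conversation,
    # plus triggers that fire on a pasted URL with no stated intent.
    phrases = re.findall(r'"([^"]+)"', desc)
    broad = [p for p in phrases if not (set(p.lower().split()) & INTENT_ANCHORS)]
    passive = bool(re.search(r"\b(drops?|pastes?|shares?)\b[^.]*\bURLs?\b", desc, re.I))
    return LintResult(declared, found, undeclared, broad, passive)


if __name__ == "__main__":
    result = lint_skill(SAMPLE_SKILL_MD)
    for exe in result.undeclared_exec:
        print(f"UNDECLARED EXEC: {exe}  <- {result.executables_found[exe]}")
    for phrase in result.broad_triggers:
        print(f"BROAD TRIGGER: \"{phrase}\"")
    if result.passive_url_trigger:
        print("PASSIVE TRIGGER: activates on a pasted URL without explicit intent")
```

Adding `Bash` to `allowed-tools` clears the first finding in this linter; the trigger findings stay until the description is reworded to require explicit intent (for example naming the thread or the PDF output) rather than matching any "read this tweet" or pasted URL.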

Missing User Warnings

Medium
Confidence
97%
Finding
The skill description says it fetches content via twitter-thread.com, but it does not clearly warn users that tweet URLs/IDs they provide are transmitted to a third-party service. This creates a privacy and data-handling risk, especially for sensitive, private, or internal investigations where external disclosure of targets may be unexpected.

VirusTotal

0 of 64 vendors flagged this skill as malicious.

Static analysis

No suspicious patterns detected.