Twitter Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Twitter/X automation helper, but it can affect a live account without clear approval safeguards.

Install only if you trust inference.sh and intend to grant it Twitter/X account authority. Require explicit review before every post, delete, DM, follow, like, or retweet; prefer manual CLI verification over curl-to-shell where possible; and revoke the connected session when automation is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 78%
Finding
The manifest description advertises posting, engagement, DMs, follows, and profile access, but omits the documented delete capability. This creates a documentation/intent mismatch that can cause users or higher-level agents to invoke the skill without realizing it can perform destructive actions on their account content.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger list is very broad and overlaps with ordinary social-media requests such as 'post tweet', 'twitter integration', and 'social media automation'. In an agent ecosystem, this can cause over-activation or unintended selection of a skill that can post, DM, follow, or delete content on behalf of a user.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill documents account-affecting operations including sending DMs, following users, retweeting, posting, and deleting tweets without clear warnings, approval requirements, or confirmation gates. In context, this is more dangerous because the skill targets a live social-media account where unintended actions can cause reputational harm, spam, policy violations, or irreversible content loss.

VirusTotal

64/64 vendors flagged this skill as clean.
