Twitter Thread Creation

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Twitter/X thread work, but it gives an agent live posting and broad external-tool authority without clear confirmation safeguards.

Install only if you want the agent to help with actual Twitter/X publishing, not just drafting. Use a low-risk account or limited credentials where possible, avoid private URLs or confidential drafts in search, screenshot, or rendering inputs, and require a separate human review before any `x/post-create` command is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium, 89% confidence

The skill materially exceeds a simple writing aid by including operational commands to publish to X and invoke additional apps for image generation, browsing, and research. That expansion increases the chance an agent or user will perform live external actions rather than just draft content, creating avoidable risk in a skill whose stated purpose is thread creation guidance.

Context-Inappropriate Capability

Medium, 92% confidence

Browser-driven screenshot capture is broader than necessary for writing a Twitter thread and enables fetching arbitrary URLs and rendering external content. In an agent setting, this can be abused for unintended web access, data collection, or interaction with sensitive internal or authenticated pages if the environment has such access.

Context-Inappropriate Capability

Medium, 86% confidence

External research capability broadens the skill from writing assistance into open-ended information retrieval, which can cause unnecessary outbound requests and untrusted content ingestion. That is risky in agent workflows because retrieved content may be inaccurate, adversarial, or trigger unexpected downstream actions in content generation.

Vague Triggers

Medium, 78% confidence

The trigger list is very broad and includes generic phrases like "twitter post", "social media writing", and "x post", which raises the likelihood of accidental activation in unrelated contexts. For agent systems, overbroad activation can expose users to tooling or behaviors they did not intend, especially when the skill also contains posting and web-capable commands.

Missing User Warnings

Medium, 95% confidence

The examples invoke `x/post-create` directly without an unmistakable warning that running them may publish a live post to a real account. In agent or copy-paste usage, this can lead to accidental public posting, reputational damage, disclosure of sensitive information, or unwanted actions on behalf of the user.

VirusTotal

65/65 vendors flagged this skill as clean.
