Twitter Thread Creation
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: twitter-thread-creation
Version: 0.1.5
The skill bundle is classified as suspicious due to its reliance on powerful tools that, while plausible for the stated purpose, introduce significant risk if the AI agent were to be prompted maliciously. Specifically, the `SKILL.md` instructs the use of `infsh app run infsh/agent-browser` to visit arbitrary URLs and take screenshots, and `infsh app run infsh/html-to-image` to render arbitrary HTML into images. These capabilities could be leveraged for data exposure or unintended actions through prompt injection, even though the skill itself does not demonstrate malicious intent. The `curl | sh` command for installation, while not directly executable by the agent due to the `allowed-tools: Bash(infsh *)` restriction, is a risky pattern to include in documentation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incautiously, the agent could publish tweets from the connected account instead of only preparing drafts.
The skill permits a broad external CLI command pattern and documents direct X post creation, but the visible artifact does not show a required confirmation step before public posting.
allowed-tools: Bash(infsh *)
...
# Post a tweet
infsh app run x/post-create --input
Treat posting as a high-impact action: require an explicit user approval for every tweet/thread, show the final text first, and consider narrowing the allowed command scope.
The connected account may be able to post to X through the CLI, so a mistaken or unauthorized command could affect a public account.
The skill asks the user to authenticate with the inference.sh CLI, which is expected for a posting workflow but gives the CLI delegated authority to act through connected services.
curl -fsSL https://cli.inference.sh | sh && infsh login
Review the login/OAuth scopes, use the least-privileged account available, and revoke the session when no longer needed.
Installing a remote CLI gives third-party code access to the local environment where it is run.
The setup path relies on a remote shell installer for an external CLI. The artifact says checksum verification and manual installation are available, but the installer code is not included in the reviewed artifacts.
curl -fsSL https://cli.inference.sh | sh
Prefer manual installation with checksum verification, and only run the installer if you trust the inference.sh distribution source.
Draft text, URLs, or generated media prompts may be processed by external services before posting.
The workflow sends content, HTML, URLs, or media-related requests to external inference.sh apps. This is disclosed and purpose-aligned, but it is still an external data flow.
Write high-engagement Twitter/X threads via [inference.sh](https://inference.sh) CLI ... infsh app run infsh/html-to-image ... infsh app run infsh/agent-browser
Avoid sending sensitive unpublished information unless you are comfortable with the provider’s data handling and retention policies.
