Security audit

Wip Xai X Private

Security checks across malware telemetry and agentic risk

Overview

This X integration is mostly coherent, but it can post and delete live tweets without built-in confirmation and its top-level metadata under-discloses deletion.

Install only if you intend to let an agent use OAuth credentials that can change your X account. Prefer read-only bearer-token configuration unless write actions are needed, and require your own explicit confirmation before posting, uploading local files, bookmarking, or deleting tweets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The file exposes a destructive delete_tweet capability even though the accompanying metadata reportedly does not declare it. Hidden or undeclared write/destructive actions are dangerous because an orchestrator, reviewer, or user may treat the skill as lower-risk than it actually is, enabling unexpected account-impacting actions. In a social-platform skill, delete functionality is especially sensitive because it can irreversibly remove user content.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The server exposes a destructive x_delete_tweet capability, but the top-level description only advertises reading, searching, bookmarking, posting, and media upload. This mismatch can mislead users or orchestrating agents about the skill's true risk profile, increasing the chance that a deletion action is invoked without appropriate scrutiny or policy gating.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill exposes account-affecting operations such as posting, deleting tweets, bookmarking, and uploading media without an explicit warning that these actions modify the user's X account. In an agent context, unclear disclosure increases the chance of unintended destructive or reputation-impacting actions if a user or downstream system invokes write tools without fully understanding their effects.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill exposes state-changing operations including posting, bookmarking, and deleting tweets, but the documentation does not clearly warn that these actions affect a live external account and may be irreversible or user-visible. In an agent context, this increases the chance of accidental destructive or reputational actions, especially for delete_tweet and post_tweet when invoked without explicit confirmation safeguards.

Missing User Warnings

Medium
Confidence: 91%
Finding
delete_tweet performs an irreversible destructive action with no built-in confirmation, preview, or safety interlock. In an agent setting, this increases the risk of accidental, coerced, or prompt-manipulated deletion of posts, especially if the model misinterprets user intent or acts on ambiguous instructions.

Missing User Warnings

Medium
Confidence: 89%
Finding
The code directly exposes x_delete_tweet and invokes delete_tweet(params) with no built-in confirmation, dry-run mode, or additional authorization check in this server layer. In an agent setting, this makes accidental or prompt-induced destructive actions more likely, especially because the skill already holds OAuth credentials capable of deleting live user content.

Missing User Warnings

Medium
Confidence: 80%
Finding
The manifest advertises write-capable actions such as posting tweets and uploading media without an explicit user-facing warning that the skill can perform external side effects. In agent ecosystems, unclear disclosure of outbound write actions increases the risk of unintended or socially engineered use that can publish content or media to a live account.

VirusTotal

66/66 vendors flagged this skill as clean.