Back to skill

Security audit

Storyclaw X Manager

Security checks across malware telemetry and agentic risk

Overview

This X/Twitter account-management skill is purpose-aligned, but it needs review because it stores powerful account tokens in local JSON files and can post, like, reply, or retweet without built-in confirmation.

Review before installing. Use only in a trusted, well-isolated environment; protect and rotate X/Twitter tokens; restrict which USER_ID values an agent can use; and require human approval before any post, reply, like, retweet, or auto-reply action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs that per-user X/Twitter credentials are stored in plaintext JSON files on disk without warning about the sensitivity of this practice or describing protections. If the host is multi-tenant, compromised, or improperly permissioned, these tokens could be stolen and used to post, read, or act as the user on X/Twitter.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This script performs a state-changing social-media action immediately when invoked, with no user-facing confirmation, allowlist, or secondary approval step. In an agentic context that can call skills autonomously, this increases the risk of unauthorized or accidental retweets that can damage account integrity, reputation, or amplify harmful content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.