X Manager
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's behaviour mostly matches that of an X account manager, but it can use stored Twitter credentials to take public actions on the account, and its multi-user and auto-reply controls are not clearly bounded.
Only install if you are comfortable giving this skill X/Twitter API credentials that can read and potentially post, reply, like, and retweet. Use a dedicated low-privilege X app/token if possible, verify the storyclaw.com binding path before using it, confirm the target account and content before every public action, and avoid enabling auto-reply until clear limits and disable controls are provided.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
In a shared or multi-user setup, a mistaken or malicious invocation could select another configured account's credential file and post or engage as that account.
The credential file used for account actions is selected directly from the caller-supplied user_id; the supplied scripts do not show validation, binding to the active user, or rejection of path-like values.
cred_path = os.path.join(SKILL_DIR, 'credentials', f'{user_id}.json')
Bind credential lookup to the authenticated OpenClaw user, reject path separators in USER_ID, store tokens in a platform vault, and show the target X account before any write action.
Automatic public replies or other engagement could damage reputation, violate platform rules, or interact with unintended posts if enabled without review controls.
The skill advertises an auto-reply workflow for public X interactions, but the artifacts do not define approval prompts, maximum volumes, rate limits, allow/deny lists, or stop conditions.
"auto_reply": { "enabled": true, "keywords": ["keyword1", "keyword2"], "reply_template": "Thanks {username} for {keyword}!" }
Require explicit user confirmation for each public post, or a clearly scoped automation policy with limits, logs, dry-run preview, and an easy disable option.
A user may be steered to an unverified third-party site to grant or enter X account access.
The code can direct users to bind an X account at storyclaw.com, while the supplied skill metadata lists no homepage and the main SKILL.md does not disclose that specific credential-binding destination.
raise Exception("Twitter credentials not found. Please bind X account at storyclaw.com")
Verify the publisher and domain before binding any account, and require the skill documentation/metadata to clearly disclose any external credential-binding service.
The skill may fail at runtime or lead users to install packages manually without pinned versions.
The scripts depend on third-party Python packages, but the supplied install information lists no install spec and only requires the python3 binary, leaving dependency installation and pinning unspecified.
from twitterv2 import Client ... import requests
Use a reviewed, pinned requirements file or install spec, and install dependencies only from trusted package sources.
