Skill v0.1.0

ClawScan security

X Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 10:27 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files, declared requirements, and runtime instructions are generally consistent with a Twitter/X account manager, with a few small implementation mismatches you should be aware of before installing.
Guidance
This skill appears to do what it says, but check these things before installing:
1) It expects per-user credential files in credentials/{USER_ID}.json. Ensure you are comfortable storing API keys in that location and protect that directory.
2) The SKILL metadata lists TWITTER_* env vars but the scripts ignore them. Decide whether you prefer env-based or file-based credentials and adjust accordingly.
3) The scripts use the 'requests' library and optionally a 'twitterv2' client, but no install steps are provided; ensure your environment has those packages.
4) Verify that the Twitter API tier and tokens you provide are appropriate (some endpoints require elevated privileges).
5) Note a stray string referencing storyclaw.com in an error message. It is benign by itself, but if you need external hosting or redirects, confirm the origin.
If you want higher assurance, ask the author for a documented install/requirements file and clarify whether env vars or credential files are the intended auth mechanism.

Review Dimensions

Purpose & Capability
ok: Name/description match the code and required credentials: the scripts implement posting, liking, replying, retweeting, timeline and search using Twitter API calls and per-user credentials.
Instruction Scope
note: SKILL.md and scripts confine actions to Twitter API calls and per-user credential files under credentials/{USER_ID}.json. Minor scope mismatch: SKILL.md lists env var usage as an alternative, but the scripts always load credentials from credentials/{USER_ID}.json (they do not read TWITTER_* env vars). No instructions attempt to read unrelated system files or exfiltrate data to external endpoints.
Install Mechanism
ok: Instruction-only skill with no install spec (no code downloaded at install time). Scripts import requests and optionally a 'twitterv2' library; the skill does not declare these Python deps, so the environment must already provide them. This is a usability/robustness omission, not an obvious security hazard.
Credentials
note: Declared required env vars are all Twitter-related and appropriate for the stated purpose. However, the code does not actually read those env vars and instead requires per-user credential files, so the metadata's required-env list is inconsistent with the implementation. This is a minor coherence issue, not direct evidence of malicious intent.
Persistence & Privilege
ok: Skill is not always-enabled and is user-invocable; it does not request system-wide config changes or other skills' credentials. It stores and reads credentials in its own credentials/ directory, as expected for a multi-user skill.