ClawHub

Twitter Autopilot

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Twitter automation purpose, but it needs review because it can use live OAuth credentials to post, delete, and follow autonomously with weak guardrails.

Review before installing. Use a disposable or low-risk Twitter/X account first, keep MODE.md in DRAFT until behavior is verified, avoid unattended cron posting, restrict and rotate OAuth tokens, and confirm the script only reads and writes the intended twitter/ files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The manifest description is broad enough to match many common Twitter-related tasks, which increases the chance of over-invocation. In an agent ecosystem, that can route loosely related requests into a skill that has real posting, deletion, follow, and automation powers, raising the risk of unintended external actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The queue processor can automatically publish content to an external social-media account and then rewrite local state files without any confirmation, dry-run, or explicit approval at execution time. In an agent/autopilot context, this increases the chance of unintended posts, reputational damage, and irreversible state changes if the queue contents were manipulated or generated incorrectly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The delete command immediately removes a tweet with no confirmation prompt, safeguard, or allowlist checks. Because deletion is a destructive action affecting a public account, accidental invocation or misuse by an autonomous agent can cause irreversible loss of content and operational/reputational harm.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal