Twitter Scrape

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned with Twitter scraping, but it asks users to extract live X/Twitter session cookies and use anti-detection scraping code with limited safety guidance.

Review the external client code before running it, avoid using a primary X/Twitter account, never paste or commit auth_token or ct0 values, store cookie files with restrictive permissions, and only scrape data where you have authorization and a clear plan for storage, retention, and deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill explicitly advertises Cloudflare bypass and anti-detection behavior ('TLS fingerprint emulation' and Chrome emulation) for a scraping workflow without any legitimate defensive justification. In context, this increases operational stealth and helps evade platform protections, making misuse easier and raising legal, policy, and abuse risks.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The instructions tell users to manually extract authenticated Twitter session cookies (auth_token and ct0) from their browser and supply them to the tool. That is sensitive credential material, and documenting collection and reuse of live session tokens materially expands the skill from public scraping into authenticated account access, with clear account-compromise and misuse potential.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill description presents the tool as a scraper/exporter but does not prominently warn that it uses authenticated cookies and writes scraped data to local files and optionally external databases. This under-disclosure can cause operators to expose credentials and collected data without informed consent or adequate safeguards.

VirusTotal

No VirusTotal findings
