Skill v1.0.0

ClawScan security

X Twitter Collector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 27, 2026, 6:10 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly matches its stated purpose (collecting public X/Twitter posts via a browser tool) but contains inconsistent / risky details—most notably hard-coded local paths and instructions that rely on an authenticated browser session—so it deserves caution before use.
Guidance
Before installing or running this skill:
1) Review and change config.json paths. Do not accept or use hard-coded /Users/chendongtao/... locations; point screenshots/reports to a controlled directory.
2) Be cautious about running while your browser is logged into accounts you care about: the skill does full-page snapshots/screenshots and could capture other authenticated content from the browser profile.
3) If you only need public tweets, avoid logging into X in the same browser profile used by the skill (or use an isolated profile).
4) Confirm rate/volume limits and don't use it for mass scraping that could violate X's terms.
5) Because the skill is instruction-only, inspect and sanitize any saved output before sharing.
If you want higher assurance, ask the author for a version that parameterizes storage paths and avoids assumptions about a named local user.

Review Dimensions

Purpose & Capability
concern: The skill's name/description align with the runtime instructions (it uses the OpenClaw browser to capture and parse user pages). However, config.json contains absolute, user-specific paths (/Users/chendongtao/...) and other assumptions (profile: 'openclaw') that are not appropriate for a generic reusable skill and are not declared in the manifest. That mismatch (declaring no required config paths/env but embedding a specific user's directories) is incoherent and surprising.
Instruction Scope
concern: Runtime instructions perform full-page snapshots and screenshots and parse page content via the browser tool. They also recommend logging into an X account to avoid content restrictions. Combining full-page screenshots and an authenticated browser session can capture sensitive or private data in the browser profile beyond the target user's public tweets. The instructions do not explicitly constrain data capture to only tweet content or limit what page elements are captured.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files to execute. That minimizes installation risk (nothing is being downloaded or written by an installer), but the runtime browser operations still perform network/page access.
Credentials
concern: The manifest declares no required environment variables or config paths, yet config.json hard-codes local directories for screenshots and reports under a specific home directory. Requiring or writing to another user's home path is disproportionate and non-portable. The skill also encourages using a logged-in X account (which would implicitly use the browser's cookies/session) without declaring any credential handling; this can expose authenticated session data via screenshots or snapshots.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges. It can be invoked autonomously (the platform default), which increases blast radius if combined with other concerns, but on its own this is expected behavior and not a direct red flag here.