v1.0.0

Read Tweet

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:13 AM.

Analysis

This instruction-only skill is coherent for reading public X/Twitter posts, but it uses Bash/curl and a third-party proxy, so users should be aware of the network requests and broad tool access.

Guidance: This appears safe for reading public tweet links, but remember that tweet URLs are sent to fxtwitter/vxtwitter and Bash is available for curl. Prefer use on explicit X/Twitter status links, ask before fetching linked articles, and remove the unused Read permission if possible.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
allowed-tools: Bash, Read ... curl -s "https://api.fxtwitter.com/{username}/status/{tweet_id}"

The workflow uses Bash to run curl with URL-derived values and send requests to a third-party tweet proxy. This is aligned with reading tweets, but users should notice the broad shell/network tool use.

User impact: The agent may make outbound requests for the X/Twitter links you provide and should not be allowed to turn this into arbitrary shell use.
Recommendation: Use only with explicit X/Twitter status URLs; validate the username and numeric tweet ID before constructing the curl command and keep Bash use limited to the documented fetch.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
If the tweet contains a link to an external article, curl can additionally be used to fetch the linked content

The skill optionally suggests fetching articles linked from a tweet with curl. That can be useful, but it expands network access from the Twitter/X proxy to arbitrary linked sites.

User impact: If a tweet contains a link, the agent may fetch additional web pages beyond the original tweet.
Recommendation: Ask before fetching linked articles and avoid following unexpected, private-network, or non-HTTP(S) URLs.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Info | Confidence: High | Status: Note
SKILL.md
allowed-tools: Bash, Read

The Read tool grants local file-read capability, but the documented tweet-reading workflow does not require reading local files.

User impact: The skill has a local-file capability available during use even though reading tweets should not normally need it.
Recommendation: Remove or ignore the Read permission unless a specific, user-approved local file is needed.