ClawHub

Twitter Research

Security checks across malware telemetry and agentic risk

Overview

This Twitter/X research skill has a legitimate purpose, but it uses a logged-in browser session and installs external automation tooling without clear consent boundaries.

Review before installing. Use a separate Chrome profile or test X account if possible, approve any `browser-use` installation yourself, and assume tweet URLs, tweet IDs, and research topics may be sent to fxtwitter or vxtwitter if the fallback path is used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill directs automatic installation and execution of an external CLI (`browser-use`) at runtime, which expands the trust boundary beyond the declared research task and introduces supply-chain and execution risk. In addition, it clears proxy environment variables and uses the local real browser session, which can bypass enterprise controls and access the user's authenticated context without an explicit upfront warning.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The fallback path sends tweet identifiers and retrieved content to third-party services (`fxtwitter`/`vxtwitter`) that are not disclosed in the manifest purpose, creating external data transmission and dependency risk. Even if intended for availability, this broadens data exposure and may leak user research targets, accessed URLs, or account-linked browsing patterns to unaffiliated services.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill relies on `-b real` and the user's logged-in Chrome/Twitter session, but the description does not clearly warn that it will operate inside an authenticated browser context and may expose browsing/account data to external tooling and fallback APIs. This is dangerous because users may invoke the skill expecting simple public web research, not account-context automation with potential data transmission outside Twitter/X.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal