Back to skill

Security audit

X Timeline Digest

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: read X timelines through a local bird session, produce a digest, and keep limited local state to avoid repeats.

Install this only if you are comfortable letting it read your authenticated X timelines through bird and store a small local history of processed tweet IDs. Review any upstream workflow that receives the generated digest, and delete ~/.openclaw/state/x-timeline-digest.json if you want to reset the stored history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill writes persistent local state to ~/.openclaw/state even though its stated role is to emit a digest payload upstream. This creates an unnecessary data-retention surface containing tweet IDs and run timestamps, which can expose user activity history to other local processes, backups, or misconfigured file permissions.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The skill accesses authenticated X/Twitter timelines and persists state to disk, but the description does not prominently warn users about these privacy-relevant behaviors. In context, this can cause users to run the skill without understanding that account-derived content and tweet identifiers will be locally stored, increasing the risk of unintended disclosure on shared systems or misconfigured environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.install_untrusted_source

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
digest.js:77

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
latest_digest.json:14