ClawHub

X Algorithm Optimization

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed X content-strategy guide with a local post-evaluation helper and no evidence of account access, automated posting, exfiltration, persistence, or destructive behavior.

Installers should treat this as marketing and content-strategy advice, not a guaranteed description of X's current ranking system. Keep human review over public posts, avoid manipulative or spammy engagement tactics, and review the optional Python script before running it with sensitive draft content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
82% confidence
Finding
This markdown file gives extensive prescriptive guidance for triggering replies, quotes, retweets, profile clicks, and follows, including provocative tactics, but it does not include a clear user-facing warning about potential downsides to user trust, account health, or platform enforcement. Because the file is a skill description, SQP-2 applies when behavior affecting user data, privacy, or system integrity lacks disclosure; here the omission is the lack of an explicit caution that aggressive optimization tactics may have adverse consequences.

Natural-Language Policy Violations

Low
Confidence
89% confidence
Finding
This code presents all user-facing usage/help text in English and the report formatter elsewhere in the file also emits fixed English strings, with no opt-in or locale selection mechanism. Under the stated policy, forcing a specific language without user choice can be a natural-language policy violation when no justification is documented.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal