Mzu Daily Briefing

Security checks across malware telemetry and agentic risk

Overview

This news-briefing skill is coherent, but it asks users to copy live Twitter/X browser cookies and store credentials in plaintext without enough safety controls.

Install only after reviewing the credential risk. Prefer the Grok/API route or a dedicated low-risk X account, avoid using your main browser session cookies, restrict permissions on any credential files, keep secrets out of shell history and process arguments when possible, and enable the cron schedule only if you want recurring automated runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README explicitly instructs users to extract live Twitter/X session cookies (auth_token and ct0) from the browser and store them in a local env file. These are highly sensitive bearer-style session credentials; if leaked through shell history, file disclosure, backups, logs, or other local compromise, an attacker can hijack the user's Twitter/X session and act as that user.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README tells users to write a Grok API key directly into a local file without any secret-handling precautions. While an API key is generally less dangerous than a live browser session cookie, it can still be abused for unauthorized API usage, billing impact, account misuse, or access to linked data if the file is exposed.

Ssd 3

Medium
Confidence
97% confidence
Finding
The instructions create a clear social-engineering and operational path for collecting, persisting, and reusing active Twitter/X authentication material outside the browser. Because the skill is specifically about aggregating news and does not inherently require browser-session exfiltration, this context makes the practice more dangerous: it normalizes unsafe credential handling for routine functionality.

Credential Access

High
Category
Privilege Escalation
Content
npm install -g @steipete/bird

# Export auth_token + ct0 from Chrome
# Save to ~/.agent-reach-twitter.env

# Verify
bird --auth-token YOUR_AUTH_TOKEN --ct0 YOUR_CT0 whoami
Confidence
91% confidence
Finding
.env

VirusTotal

64/64 vendors flagged this skill as clean.
