ClawOS X Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is openly intended for operating the @ClawOS X account, but it enables live public posting and engagement without clear approval or credential-scope safeguards.

Install only if you intend to let an agent operate the live @ClawOS X account. Verify the `xurl` binary and authenticated account before use, constrain credentials to the intended profile, and require manual approval for every post, reply, quote, like, or retweet unless you explicitly want autonomous public engagement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill description is broad enough to be invoked for many generic X/Twitter tasks, yet it controls a live brand account with posting, replying, liking, quoting, and retweeting capabilities. That increases the chance of accidental activation in the wrong context, causing unauthorized public actions, brand damage, or amplification of unsafe content.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill operates a real X account but does not prominently warn that actions can publish content and engage publicly on a live social-media profile. Without an explicit warning, users or upstream agents may treat it like a drafting-only helper and unintentionally trigger irreversible public posts, replies, likes, or retweets.

VirusTotal

64/64 vendors flagged this skill as clean.
