X Expert

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal X/Twitter publishing assistant, but it includes live account-changing powers, including tweet deletion, without a clear in-flow confirmation safeguard.

Install only if you are comfortable giving the skill X account credentials that can publish and may delete tweets. Keep manual review enabled, avoid direct publishing modes for sensitive accounts, do not send confidential material in search or image prompts, and use revocable least-privilege API tokens where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requires environment secrets and clearly performs networked actions, but it does not declare corresponding permissions. This undermines the trust boundary for users and reviewers because the skill can access credentials and call external services without an explicit permission model, increasing the chance of unintended data exposure or unauthorized external actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior exceeds the stated purpose by including broader external search, image-generation integrations, and referenced direct operational scripts such as posting and possibly deletion. This mismatch is dangerous because users may grant trust and credentials for a limited publishing workflow while the skill appears capable of materially different or higher-risk actions, including actions on live social media content and transmission of data to multiple third parties.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The file implements tweet deletion even though the skill is described as a create/plan/publish assistant. This scope expansion introduces a destructive capability that could be invoked by an agent or workflow unexpectedly, increasing the chance of unauthorized or accidental content removal.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Deleting existing tweets is a destructive action not justified by the stated purpose of a publishing assistant, so users and integrators may not expect the skill to have that capability. In agentic settings, mismatched capabilities are dangerous because a prompt, bug, or abuse path could trigger irreversible deletion of social content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README describes scripts that post, upload media, and delete tweets without clearly warning that they perform real external network actions on the user's X account, including destructive deletion. In a conversational agent skill, missing disclosure increases the risk that users authorize or trigger impactful account actions without understanding the consequences.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README advertises publishing, scheduling, image generation, and deletion actions that can affect a user's public account and may transmit prompts/content to third-party services, but it provides no explicit warning about privacy, external data sharing, or irreversible account actions. In a skill that directly interfaces with X and multiple AI/search providers, this omission makes accidental misuse and unsafe consent more likely.

External Transmission

Medium
Category
Data Exfiltration
Content
const apiKey = process.env.OPENAI_API_KEY;
  if (!apiKey) throw new Error('OPENAI_API_KEY not set');

  const response = await fetch('https://api.openai.com/v1/images/generations', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
93% confidence
Finding
fetch('https://api.openai.com/v1/images/generations', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
const apiKey = process.env.MINIMAX_API_KEY;
  if (!apiKey) throw new Error('MINIMAX_API_KEY not set');

  const response = await fetch('https://api.minimax.chat/v1/image_generation', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
93% confidence
Finding
fetch('https://api.minimax.chat/v1/image_generation', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
const apiKey = process.env.NANO_BANANA_API_KEY;
  if (!apiKey) throw new Error('NANO_BANANA_API_KEY not set');

  const response = await fetch('https://api.nano-banana.com/v1/generate', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
93% confidence
Finding
fetch('https://api.nano-banana.com/v1/generate', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
if (!apiKey) throw new Error('LEONARDO_API_KEY not set');

  // First create the generation task
  const response = await fetch('https://api.leonardo.ai/v1/generations', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
93% confidence
Finding
fetch('https://api.leonardo.ai/v1/generations', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
const apiKey = process.env.OPENAI_API_KEY;
  if (!apiKey) throw new Error('OPENAI_API_KEY not set');

  const response = await fetch('https://api.openai.com/v1/images/generations', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
93% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
const apiKey = process.env.MINIMAX_API_KEY;
  if (!apiKey) throw new Error('MINIMAX_API_KEY not set');

  const response = await fetch('https://api.minimax.chat/v1/image_generation', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
93% confidence
Finding
https://api.minimax.chat/

External Transmission

Medium
Category
Data Exfiltration
Content
const apiKey = process.env.NANO_BANANA_API_KEY;
  if (!apiKey) throw new Error('NANO_BANANA_API_KEY not set');

  const response = await fetch('https://api.nano-banana.com/v1/generate', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
93% confidence
Finding
https://api.nano-banana.com/

External Transmission

Medium
Category
Data Exfiltration
Content
if (!apiKey) throw new Error('LEONARDO_API_KEY not set');

  // First create the generation task
  const response = await fetch('https://api.leonardo.ai/v1/generations', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
93% confidence
Finding
https://api.leonardo.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
await new Promise((r) => setTimeout(r, 2000));

    const response = await fetch(
      `https://api.leonardo.ai/v1/generations/${generationId}`,
      {
        headers: { Authorization: `Bearer ${apiKey}` },
      }
Confidence
88% confidence
Finding
https://api.leonardo.ai/

VirusTotal

64/64 vendors flagged this skill as clean.
