Openclaw Twitter Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto market monitoring skill with optional watchlist changes and scheduled Telegram reports that users should enable deliberately.

Install only if you trust CT Monitor with your API key and crypto research queries. Review paid API calls, confirm watchlist add/remove requests, and create cron or Telegram jobs only for reports you intentionally want sent outside OpenClaw on a recurring schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 79%
Finding
The README documents `POST /subscriptions/?username=XXX`, which implies the skill can modify server-side state and create ongoing monitoring, exceeding a strictly read-only analysis scope. If users or the platform expect passive intelligence only, this capability can cause unauthorized tracking, unexpected data collection, or surprise persistence beyond a single query.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill goes beyond passive analysis by embedding automation instructions that schedule recurring runs and deliver outputs to Telegram. This expands the blast radius from an interactive analyst tool into an autonomous outbound system, which can generate unsolicited messages, amplify mistakes, and create data exfiltration or spam risks if enabled without explicit user consent.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The watchlist management capability introduces state-changing behavior that is not necessary for read-only crypto monitoring and analysis. Allowing the skill to add monitored accounts can alter persistent system state and may be misused to subscribe to arbitrary targets or create noisy, unintended monitoring configurations.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Including subscription deletion in the quick API reference exposes destructive state-changing behavior in a skill framed as an intelligence analyst. This makes it easier for the agent or downstream tooling to invoke account-modifying actions outside the expected read-only scope, potentially removing monitoring targets or disrupting service for the user.

Vague Triggers

Medium
Confidence: 83%
Finding
The statement that the system 'automatically calls the right APIs' is broad enough to normalize autonomous invocation without clear boundaries on when external requests occur. In an agent environment, vague auto-invocation language can lead users to expose prompts, watchlists, or research topics to external services without realizing that a remote API is being queried.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README encourages scheduled delivery to Telegram but does not warn that generated briefings may be transmitted to a third-party messaging platform. This increases the risk of accidental disclosure of sensitive research prompts, portfolio interests, trading intent, or monitored entities outside the primary system boundary.

Missing User Warnings

Medium
Confidence: 93%
Finding
The cron examples operationalize automatic delivery to Telegram on a recurring basis without an explicit external-transmission notice or data-minimization guidance. Because these jobs run unattended, they can continuously exfiltrate summaries, alerts, or analysis artifacts to third-party channels with limited user awareness after initial setup.

VirusTotal

66/66 vendors flagged this skill as clean.