Monitor X posts

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it monitors selected X/Twitter accounts. Users should protect the X API bearer token and understand that fetched tweet text is stored locally.

Install only if you are comfortable providing an X API bearer token, allowing scheduled X API polling, and keeping recent fetched tweet text in a local history file. Use a token with the narrowest scope available, restrict file permissions on credentials.json to the owner only (mode 600), keep it out of version control and backups, and delete tweet_history.json periodically if you do not want a retained local archive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly requires network access to call the X API and file-write access to maintain handles, schedule, criteria, and last-check state, yet no explicit permissions are declared. This creates a transparency and governance gap: users and the platform cannot accurately assess or constrain what the skill is allowed to do, increasing the risk of overbroad execution or hidden side effects.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script persistently stores the full contents of fetched tweets in a local history file, which goes beyond a simple monitor-and-surface function and increases data retention without clear necessity or disclosure. Even though tweets are public, retaining full historical content can create unnecessary privacy, compliance, and local data exposure risk if the workstation or workspace is accessed by others.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to place a bearer token in a local JSON file but provides no guidance on file permissions, secure storage, rotation, or the risk of accidental disclosure. Because this token enables API access, insecure local handling could lead to credential theft, misuse of the user's X account quota, or unauthorized monitoring activity.

Missing User Warnings

Low
Confidence
87% confidence
Finding
Tweet data is written to a local history file without explicit user disclosure in the program's interface or output, which creates silent persistence. In this skill context, hidden local retention is more concerning because the expected behavior is periodic monitoring, not archival of all returned content.
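The two gaps the findings above describe (no guidance on protecting credentials.json, and unbounded silent retention in tweet_history.json) are both things the skill's own code could enforce. The following is an added example written for this report, not the skill's or SkillSpector's code. It uses the file locations from the page's Storage section and assumes credentials.json holds a {"bearer_token": "..."} object, that tweet_history.json is a JSON list of {"id", "created_at", "text"} records with X API style timestamps, and that the host is POSIX (mode bits and uid are checked). The sample history and clock are constructed.

```python
"""Credential-file and retention hardening for a local X-monitor skill.

Added example; not the skill's own code. Paths follow the page's Storage
section. Assumed: credentials.json holds {"bearer_token": "..."},
tweet_history.json is a list of {"id", "created_at", "text"} records, POSIX host.
"""
import json
import os
import stat
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

WORKSPACE = Path.home() / ".openclaw" / "workspace" / "x-monitor"
CREDENTIALS = WORKSPACE / "credentials.json"   # path from the page
HISTORY = WORKSPACE / "tweet_history.json"     # name used in the overview


class CredentialFileError(RuntimeError):
    """Raised when credentials.json is not safe to read."""


def check_private_file(path: Path) -> None:
    """Refuse a credential file that is a symlink, not a regular file,
    owned by another user, or accessible to group/others."""
    st = os.lstat(path)                      # lstat: never follow a symlink
    if stat.S_ISLNK(st.st_mode):
        raise CredentialFileError(f"{path}: is a symlink; refusing to follow it")
    if not stat.S_ISREG(st.st_mode):
        raise CredentialFileError(f"{path}: not a regular file")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise CredentialFileError(f"{path}: owned by uid {st.st_uid}, not the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialFileError(
            f"{path}: mode {oct(st.st_mode & 0o777)} is group/world accessible; chmod 600 it")


def load_bearer_token(path: Path = CREDENTIALS) -> str:
    """Return the bearer token only after the file passes the permission checks."""
    check_private_file(path)
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    token = data.get("bearer_token")
    if not isinstance(token, str) or not token.strip():
        raise CredentialFileError(f"{path}: no bearer_token field")
    return token


def write_private_json(path: Path, obj) -> None:
    """Atomically write JSON so the file is never world-readable, even briefly:
    mkstemp creates the temp file with mode 0600, then it is renamed into place."""
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=path.name + ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(obj, fh)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def parse_created_at(ts: str) -> datetime:
    """X API timestamps look like 2024-06-15T09:30:00.000Z (assumed format)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def prune_history(records, max_age_days: int = 7, max_records: int = 200, now=None):
    """Keep only records inside the retention window, newest first, capped in count.
    Running this after every poll bounds what a reader of the workspace can recover."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    kept = [r for r in records if parse_created_at(r["created_at"]) >= cutoff]
    kept.sort(key=lambda r: parse_created_at(r["created_at"]), reverse=True)
    return kept[:max_records]


# Constructed sample history and a fixed clock so the pruning result is deterministic.
NOW = datetime(2024, 6, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE_HISTORY = [
    {"id": "3", "created_at": "2024-05-20T08:00:00.000Z", "text": "stale (26 days)"},
    {"id": "1", "created_at": "2024-06-15T09:30:00.000Z", "text": "fresh"},
    {"id": "2", "created_at": "2024-06-10T08:00:00.000Z", "text": "five days old"},
]


def demo() -> dict:
    """Exercise the checks against constructed files in a scratch directory."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        cred = Path(d) / "credentials.json"
        cred.write_text(json.dumps({"bearer_token": "AAAA-example-token"}))  # constructed
        os.chmod(cred, 0o644)                # the loose mode many editors leave behind
        try:
            load_bearer_token(cred)
            out["world_readable_rejected"] = False
        except CredentialFileError:
            out["world_readable_rejected"] = True
        os.chmod(cred, 0o600)
        out["token"] = load_bearer_token(cred)
        hist = Path(d) / "tweet_history.json"
        write_private_json(hist, prune_history(SAMPLE_HISTORY, now=NOW))
        out["history_mode"] = oct(os.stat(hist).st_mode & 0o777)
        out["history_ids"] = [r["id"] for r in json.loads(hist.read_text())]
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The permission check runs before the token is ever read, so a credentials.json that was copied with 644 or left as a symlink fails closed instead of quietly working. Pruning on every poll, with the retention window and cap surfaced as parameters, also turns the silent archive into a documented, bounded one.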

Credential Access

High
Category
Privilege Escalation
Content
## Storage

- **Credentials:** `~/.openclaw/workspace/x-monitor/credentials.json`
- **Handles:** `~/.openclaw/workspace/x-monitor/handles.json`
- **Schedule:** `~/.openclaw/workspace/skills/x-monitor/config/schedule.json`
- **Criteria:** `~/.openclaw/workspace/x-monitor/noteworthy-criteria.md`
Confidence
89% confidence
Finding
credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.
