X Search (Grok API)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed X/Twitter search helper that sends queries to xAI's Grok API. Users should be aware that it can save or overwrite local Markdown files and, when scheduled, send results to external messaging platforms.

Install it only if you are comfortable sending X/Twitter queries, and the content they return, to xAI under your API key. Use a dedicated output directory, because `--output` overwrites same-day files, and enable cron or Telegram/Slack/Discord delivery only for searches whose results you are comfortable storing in, or sharing through, those services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill advertises capabilities that include environment access, network use, shell execution, and file writing, but does not declare any permissions or constraints in the manifest. This creates a transparency and governance gap: an agent or reviewer may treat the skill as a simple search formatter while it can access secrets, make outbound requests, and write persistent files.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest frames the skill as a search tool that outputs Markdown, but the documentation also allows saving to arbitrary user-supplied paths and overwriting existing same-day files. That mismatch can lead users or orchestrators to invoke the skill without realizing it performs persistent filesystem writes, increasing risk of unintended data loss or writing into sensitive locations.
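Added example, not code from the x-search skill (this page quotes its documentation, not its source): a guard for the `--output` behaviour described in this finding and in the Overview. A user-supplied target is accepted only if it resolves inside a dedicated output directory (symlinks are followed before the check), and an existing same-day file gets a fresh numbered name instead of being overwritten. The helper names, the directory layout and the scenario in `demo()` are assumptions for illustration.

```python
"""Added example, not code from the x-search skill: a guard for the
`--output` behaviour described on this page.  A target is accepted only
if it resolves inside a dedicated output directory, and an existing
same-day file is never overwritten unless the caller asks for it.
Helper names and the scenario in demo() are assumptions for illustration."""
import tempfile
from datetime import date
from pathlib import Path


class OutputPathError(ValueError):
    """Raised when the requested output location is not acceptable."""


def auto_name(query_label: str, run_date: date) -> str:
    """Mirror the page's auto-naming (e.g. karpathy-2026-03-22.md)."""
    safe = "".join(c if c.isalnum() or c in "-_" else "-" for c in query_label)
    return f"{safe}-{run_date.isoformat()}.md"


def resolve_output(target: str, allowed_root: Path, query_label: str,
                   run_date: date, overwrite: bool = False) -> Path:
    """Return a safe path for the Markdown result, or raise OutputPathError."""
    root = allowed_root.resolve()
    candidate = Path(target)
    if not candidate.is_absolute():
        candidate = root / candidate
    if candidate.is_dir():
        # Directory given: auto-name inside it, as the skill does.
        candidate = candidate / auto_name(query_label, run_date)
    elif candidate.suffix.lower() != ".md":
        # Full path given: only accept a Markdown file name.
        raise OutputPathError(f"refusing non-Markdown output target {target!r}")
    # resolve() follows symlinks, so a link inside root that points elsewhere
    # is caught by the containment check below.
    resolved = candidate.resolve()
    if root not in resolved.parents:
        raise OutputPathError(f"{target!r} escapes output directory {root}")
    if resolved.exists() and not overwrite:
        # Avoid the same-day overwrite by appending a counter.
        n = 1
        while resolved.with_name(f"{resolved.stem}.{n}{resolved.suffix}").exists():
            n += 1
        resolved = resolved.with_name(f"{resolved.stem}.{n}{resolved.suffix}")
    return resolved


def demo() -> dict:
    """Constructed scenario: a prior same-day file, a traversal attempt
    and a symlink escape.  Returns what happened in each case."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "x-search-out"
        root.mkdir()
        run = date(2026, 3, 22)
        results["auto"] = auto_name("trends AI", run)
        first = resolve_output(str(root), root, "karpathy", run)
        first.write_text("# constructed earlier run\n")
        results["first"] = first.name
        results["second"] = resolve_output(str(root), root, "karpathy", run).name
        for label, target in (("traversal", "../../escape.md"), ("symlink", "link/out.md")):
            if label == "symlink":
                outside = Path(tmp) / "elsewhere"
                outside.mkdir()
                (root / "link").symlink_to(outside, target_is_directory=True)
            try:
                resolve_output(target, root, "karpathy", run)
                results[label] = "allowed"
            except OutputPathError:
                results[label] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check runs on the resolved path rather than on the string the user typed, which is what closes both the `../` case and the symlink case; an orchestrator that wraps the skill can apply the same check before passing `--output` through.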

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document explicitly instructs users to schedule x-search runs and send results to external messaging platforms like Telegram, Slack, and Discord, but it does not warn that collected search content may be transmitted off-platform and into third-party services. In this skill context, that omission matters because scheduled automation increases the chance of repeated, unnoticed disclosure of monitored content, handles, topics, or derived summaries to destinations that may have different retention, access, and compliance properties.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger language is broad enough to match ordinary conversation about X/Twitter, increasing the chance of unintended invocation. In an agent environment, accidental activation can cause unnecessary network calls, use of API credentials, and file output behavior without a clear user request to run the skill.
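Added example, not the skill's own trigger definition (this page does not quote it): a small scorer that runs two hypothetical trigger patterns over constructed utterances and counts how often each fires on ordinary conversation versus an explicit request. The patterns, the utterances and the intent labels are all assumptions made for illustration.

```python
"""Added example, not from the x-search skill: measuring how often a
trigger fires without an explicit request.  TRIGGERS and UTTERANCES are
constructed for illustration and are not the skill's real trigger text."""
import re

# Hypothetical trigger definitions.  "broad" resembles the kind of wording
# the finding describes: any mention of the platform fires it.  "narrow"
# requires a search verb or the tool's own name before firing.
TRIGGERS = {
    "broad": re.compile(r"\b(x|twitter)\b", re.I),
    "narrow": re.compile(
        r"\bx-search\b|\b(search|look up|find|fetch)\b[^.?!]*\b(on\s+)?(x|twitter)\b",
        re.I,
    ),
}

# Constructed utterances with the intent a human reviewer would assign:
# True means the user actually wants a search run.
UTTERANCES = [
    ("I saw that on twitter yesterday, pretty funny", False),
    ("x marks the spot in the screenshot", False),
    ("search X for posts about the kernel patch", True),
    ("please x-search karpathy and save to ./out", True),
    ("what's trending on twitter right now?", True),   # implicit request
    ("find the latest twitter threads on CVE triage", True),
]


def evaluate(trigger_name: str) -> dict:
    """Count fires, false positives and misses for one trigger pattern."""
    pattern = TRIGGERS[trigger_name]
    fired = false_positives = missed = 0
    for text, wanted in UTTERANCES:
        hit = pattern.search(text) is not None
        fired += hit
        false_positives += hit and not wanted
        missed += wanted and not hit
    return {"fired": fired, "false_positives": false_positives, "missed": missed}


if __name__ == "__main__":
    for name in TRIGGERS:
        print(name, evaluate(name))
```

The broad pattern fires on every mention of the platform, including two utterances that are not requests at all, so each of those would spend API credit and possibly write a file. The narrow pattern has no false positives on this set but misses the implicit question, which is the trade-off a trigger author has to make explicitly rather than leave to the matcher.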

Self-Modification

High
Category
Rogue Agent
Content
`--output` saves the result to a Markdown file (stdout is preserved):
- Pass a **directory** → auto-named file: `karpathy-2026-03-22.md`, `trends-AI-2026-03-22.md`, etc.
- Pass a **full path** → saved directly to that path
- Same-day runs overwrite the existing file (no duplicate accumulation)

`--progress-only` suppresses full Markdown on stdout — prints one summary line instead. Use with `--output` in automated pipelines (watchlist, cron) to avoid injecting large outputs into the agent context.
Confidence
94% confidence
Finding
Matched phrase: "overwrite the existing file". Note the scope of the match: the excerpt describes the skill rewriting its own Markdown output file on a same-day rerun, not modifying its manifest, code, or instructions. The practical risk is silent loss of the earlier run's results and, when a user supplies a full path, of whatever file already lived there, which is why the Overview recommends a dedicated output directory.

Session Persistence

Medium
Category
Rogue Agent
Content
Same `--output` / `--progress-only` excerpt as quoted under Self-Modification above.
Confidence
89% confidence
Finding
Matched phrases: "overwrite the existing file (no duplicate accumulation)" and "Use with `--output` in automated pipelines (watchlist, cron)". What persists here is the cron or watchlist schedule the user configures and the output file it rewrites on each run; nothing in the matched excerpt shows the skill carrying state across agent sessions on its own. Read the finding as a reminder that a scheduled run keeps using the API key and writing to disk with no human in the loop.

VirusTotal

64/64 vendors flagged this skill as clean.