ClawHub

Tweet Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local tweet/content logbook that saves user-entered drafts and history on disk, with no evidence of network sharing, credential use, or hidden privileged behavior.

Install only if you are comfortable with drafts, campaign ideas, and command history being saved locally in ~/.local/share/tweet-generator. Do not enter secrets or highly sensitive unpublished material, and remove that directory manually if you need to clear stored history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented primarily as a tweet/content drafting tool, but it also persistently logs all user inputs, keeps a global history, and supports bulk export and search over stored content. That expands the data-handling surface significantly beyond the declared purpose, creating a meaningful risk that sensitive prompts, drafts, campaign plans, or confidential text are retained and later exposed without the user fully appreciating that behavior.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script silently creates a persistent data directory and logs user inputs and activity history, even though the skill is presented as a tweet drafting/editing utility. This creates an undisclosed data-retention behavior that can expose sensitive drafts, campaign plans, or private text to other local users, backups, or later export operations.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The help output advertises extra data-management features such as stats, export, search, recent, and status that extend beyond simple tweet generation. These features increase the attack surface around stored user content and indicate functionality that users may not expect from the declared purpose of the skill.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The export function serializes all stored logs into JSON, CSV, or TXT without access controls, redaction, or scoping, making bulk extraction of historical user content trivial. In the context of a tweet generator, this is more dangerous because users are unlikely to expect a full-content archival export of everything they typed.

Context-Inappropriate Capability

Low
Confidence
82% confidence
Finding
The cross-log search command enables easy retrieval of historical user content across all categories, which is not clearly necessary for tweet generation. While not code-execution related, it lowers the effort required to mine stored content and compounds the privacy risk created by silent persistence.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill's invocation guidance is broad enough to match common writing, editing, translation, outlining, and headline-generation tasks, which increases the chance it will activate in contexts where users paste sensitive business or personal content. Because this skill also stores inputs locally, overbroad triggering raises the likelihood of unintended collection and retention of data unrelated to simple tweet drafting.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persistently stores user-provided content and activity history without prominently warning the user in the help text or metadata. This is a privacy and transparency failure: users may enter sensitive drafts or internal messaging assuming ephemeral processing when the tool actually retains everything locally.

Ssd 3

Medium
Confidence
94% confidence
Finding
The script records all user content in plain text and provides commands to display and export it, creating a straightforward data exposure pattern. In a content-writing skill, users may paste embargoed announcements, credentials by mistake, or sensitive business messaging, so broad readable storage materially raises confidentiality risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal