Twexapi CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent twexapi CLI helper, but it combines stored social-account credentials, public write actions, implicit invocation, and an overbroad raw request path that can send the saved API key to arbitrary URLs.

Install only if you intend to let this skill manage twexapi/X credentials and account actions. Use an isolated --config-dir or TWEXAPI_CONFIG_DIR, avoid shared machines and CI for long-lived cookies, prefer dry-run before any write action, and do not use the generic command with full external URLs while credentials are configured.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs the agent to use environment variables, persistent config files, and networked CLI operations, but it declares no explicit permissions or boundaries for those capabilities. This creates a real risk because an agent using the skill may access credentials from the environment and make outbound requests without clear least-privilege constraints or user-visible approval semantics.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The generic request path accepts full http/https URLs, not just scoped twexapi-relative paths. In an agent skill context, this creates an SSRF-style arbitrary outbound request primitive that can be abused to contact attacker-controlled hosts, internal services, cloud metadata endpoints, or other unintended destinations, especially when combined with caller-supplied method and body.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill enables implicit invocation without any documented trigger constraints, guardrails, or exclusion conditions. Because this skill is designed to install, configure, and run a credential-aware CLI against external endpoints, automatic selection could cause the agent to invoke security-sensitive operations in contexts where the user did not explicitly request use of this tool.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The help text explicitly instructs users to save highly sensitive material such as cookies, auth_token values, and API keys, but it provides no warning about their sensitivity, storage risks, or safe handling. In a CLI skill centered on authentication and write actions, this increases the likelihood of insecure credential management, leakage via shell history or screenshots, and unsafe persistence on disk.

Session Persistence

Medium
Category
Rogue Agent
Content
1. Confirm the CLI is available.
2. Make sure an app config or API key is available for read requests.
3. Make sure a saved profile or explicit cookie is available for write requests.
4. Prefer convenience commands first.
5. Fall back to `twexapi <path>` only when no convenience command fits.
6. Use `--dry-run` before real write actions unless the user explicitly asks to execute them.
Confidence
88% confidence
Finding
write requests. 4. Prefer convenience commands first. 5. Fall back to `twexapi <path>` only when no convenience command fits. 6. Use `--dry-run` before real write actions unless the user explicitly as

VirusTotal

64/64 vendors flagged this skill as clean.
