Security audit

Twitter Listen Comment

Security checks across malware telemetry and agentic risk

Overview

This skill is openly built to monitor X/Twitter and auto-post replies, but it can publish from a logged-in account without a clear approval or dry-run gate.

Install only if you intentionally want an agent to monitor selected X/Twitter accounts and post replies from your logged-in account. Use a test account first, verify notification targets, review the external data flows, and add or require a manual-approval or dry-run mode before allowing live posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium severity, 96% confidence
Finding: The script autonomously generates and posts replies on X using a browser-driving agent, without human approval, recipient confirmation, or content safety checks. In context, this can enable spam, reputational damage, policy violations, or abuse if the monitored account posts adversarial or provocative content that the agent then reacts to automatically.

Missing User Warnings

Medium severity, 94% confidence
Finding: The README describes monitoring accounts, generating replies, and using browser automation to post comments, but it does not prominently warn that the skill performs autonomous public posting on the user's behalf. This is dangerous because users may run it without fully understanding that it can publish content from their logged-in Twitter/X session, creating reputational, compliance, and account-safety risks.

Missing User Warnings

Medium severity, 91% confidence
Finding: The README mentions sending tweet detections and comment-success notifications to external channels such as Telegram, but omits a privacy/security warning about forwarding links, account activity, and operational metadata to third-party services. This can expose monitored targets, posting behavior, and potentially sensitive workflow information to external systems or unintended recipients if misconfigured.

Missing User Warnings

Medium severity, 94% confidence
Finding: The skill description notes use of the 6551 API and OpenClaw to detect tweets and generate replies, but it does not warn that tweet content and related account data may be transmitted to external services. This is risky because users may unknowingly send third-party content, handles, or generated prompts off-device, which can create privacy, compliance, and data-governance issues depending on what tweets are monitored and how those services retain data.

Missing User Warnings

Medium severity, 94% confidence
Finding: The skill description notes use of the 6551 API and OpenClaw to detect tweets and generate replies, but it does not warn that tweet content and related account data may be transmitted to external services. This is risky because users may unknowingly send third-party content, handles, or generated prompts off-device, which can create privacy, compliance, and data-governance issues depending on what tweets are monitored and how those services retain data.

Missing User Warnings

Medium severity, 93% confidence
Finding: The script continuously polls, generates replies, posts them, and persists state without any user-facing confirmation, dry-run mode, or startup warning. In this context, the lack of confirmation materially increases the risk of unintended social-media actions and makes accidental misuse or unattended abuse more likely.

VirusTotal

64/64 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.