Skill v0.1.2

ClawScan security

Twitter Watch Reply · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 9, 2026, 7:47 AM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and SKILL.md match the described Twitter-watch-and-draft-reply purpose, but the package metadata omits the required TWITTER_TOKEN and the skill relies on a third‑party 6551 API — this mismatch and external dependency warrant caution before installing.
Guidance
This skill largely does what it claims (poll a third‑party 6551 API for tweets, generate reply candidates, and manage a local state directory), but the package metadata failing to declare the required TWITTER_TOKEN is a red flag — it reduces transparency about what secrets the skill needs. Before installing: (1) inspect the included scripts (doctor.py, fetch_latest_tweets.py) and confirm you are comfortable giving TWITTER_TOKEN to the 6551 service (ai.6551.io); (2) run doctor.py in a safe/test environment to see what it attempts and what responses the 6551 endpoints return; (3) avoid storing the token in source control and prefer an isolated runtime (container or VM); (4) if you need stronger assurance, ask the publisher to correct the registry metadata to declare TWITTER_TOKEN and describe precisely what the token allows. If you cannot verify the origin/permissions of the 6551 token, do not provide credentials or enable automated sending.

Review Dimensions

Purpose & Capability
concern: The skill's description, SKILL.md, and Python scripts consistently implement a semi‑automatic Twitter/X watch-and-reply flow using a 6551 API token (TWITTER_TOKEN). However, the registry metadata lists no required environment variables or primary credential; that omission is inconsistent with the skill's stated need for TWITTER_TOKEN and is a packaging/metadata mismatch that reduces transparency.
Instruction Scope
concern: Runtime instructions restrict actions to polling a third‑party API (ai.6551.io), writing state/config under the workspace data directory, rendering alerts, and relying on a locally logged‑in browser for sending replies. Those actions are within the stated purpose, but the SKILL.md and scripts read TWITTER_TOKEN (not declared in metadata) and make network POSTs to ai.6551.io — any external network calls and token use should be explicit in the package metadata so users understand the blast radius.
Install Mechanism
ok: No install spec or remote downloads; the skill is instruction-only plus plain Python scripts included in the package. No installers, archived downloads, or untrusted URLs are used — low install risk from this package itself.
Credentials
concern: Functionally the skill only needs a single token (TWITTER_TOKEN) and filesystem write access to its data directory, which is proportionate. The concern is that the token requirement is not declared in the registry metadata; also the token is for a third‑party service (6551/ai.6551.io) — users should verify what permissions that token grants and whether they trust the external service before providing credentials.
Persistence & Privilege
ok: The skill does not request elevated platform privileges, is not marked always:true, and only writes to its own workspace/data paths (config.json, state.json, logs). It does not modify other skills or global agent settings.