ClawHub

Twitter Watch Reply

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed semi-automatic Twitter/X monitoring and reply-drafting helper with expected token use, local state files, and optional outbound notifications that are disabled by default.

Install only if you are comfortable providing a 6551 Twitter/X token and storing watch state in the workspace. Keep notify.enabled false unless you intentionally want alert content forwarded to a configured chat channel, and review the channel target before enabling notifications or a polling loop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document explicitly instructs the host to send rendered tweet-derived content to external messaging channels automatically when `notify.enabled=true`, but it does not include a clear warning that content will leave the local environment or require an explicit user opt-in at send time. In this skill's context, monitored tweets, generated drafts, account targets, and thread metadata may be transmitted to Telegram/Discord/Slack, creating privacy, data leakage, and unintended outbound-communication risk if users or integrators assume the skill is local-only.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs a live POST request to an external domain and automatically attaches the TWITTER_TOKEN bearer token, but the diagnostic flow does not provide an explicit user-facing warning that running the doctor command will disclose the credential to a remote service. In this skill's context, the token is expected to be used with the 6551 API, so this is not inherently malicious, but it still creates credential disclosure risk if the endpoint changes, is compromised, or users run diagnostics without realizing it performs authenticated network activity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal