X (Twitter) 推文发布工具

Name: x-publisher
Author: manifoldor

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

70High

The x-publisher skill is vulnerable to

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

X (Twitter) 推文发布工具: 使用官方 Tweepy 库发布推文，支持纯文本、图片、视频等多种媒体类型。

Actually does

This skill uses `python3` and the `tweepy` library to interact with the X (Twitter) API. It reads X API credentials from environment variables and allows users to publish text-only tweets or tweets with local image/video files. It also provides a `verify` command to check API credentials and returns tweet IDs and URLs upon successful publication.

Threat Analysis

AI Agent Traps ↗Scanned 4/16/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namemanifoldor/x-publisher

Registryclawhub

Version1.0.6

PURLpkg:clawhub/manifoldor/x-publisher@1.0.6

Stars4

Downloads1,837

Installs3

Source

Repository ↗

SHA-2561b1d8829e23d...

SHA-16409ae652a89...

MD57181eb9e0b0f...

TLSH97d1ea91ef00...

ssdeep96:tX4RJuD9a...

Size6,573 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/manifoldor/x-publisher

1,837 downloads3 installs

ClawHubDocs

openclaw skills install manifoldor/x-publisher

Assessments (2)

AI Agent Traps ↗

Prompt Injection Detectedhighprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.83)

83% confidence

Potential Command Injection via Script Argumentshighcommand execution

The skill describes executing an external Python script (`scripts/x_publisher.py`) with arguments (`text`, `--media`) that can be controlled by an attacker. If the underlying script does not properly sanitize these inputs, it could lead to arbitrary command injection.

80% confidenceline 80

python3 scripts/x_publisher.py tweet "Hello, X! This is my first tweet."

Data Exfiltration via Media Publishinghighdata exfiltration

The skill enables publishing local media files to a public platform (X) by specifying a file path via the `--media` argument. An attacker could manipulate an agent to provide a path to a sensitive local file, leading to its exfiltration.

90% confidenceline 87

python3 scripts/x_publisher.py tweet "Check out this photo!" --media /path/to/image.jpg

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/manifoldor/x-publisher.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/manifoldor/x-publisher)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/manifoldor/x-publisher"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/manifoldor/x-publisher.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/manifoldor/x-publisher.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow