twitter-post

clawhub:twitter-post

View source

92/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

92/100

MEDIUM 1

LOW 1

Findings (2)

MEDIUM

Read sensitive files and transmit externally EXFIL_013

exfiltration L18

Detects skills that both read sensitive credential files and send data to external services

Access Token Secret + Post tweets to Twitter/X via the official API

FIX

Block access to git credentials, SSH keys, and repository tokens. If git operations are needed, use scoped deploy keys and restrict the tool to specific repositories.

FP?

Likely FP if the match is documentation about git configuration (e.g., setting up git credentials helper) rather than code that reads and transmits them.

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L75

Detects MCP server configurations connecting to non-localhost remote URLs

"url":"https://x.com/i/status/123456789"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).