Skills
skills/liuzln/openclaw-skills/x-tweet-fetcher/Gen Agent Trust Hub

x-tweet-fetcher

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The fetch_direct.py script utilizes subprocess.run() to invoke the main scraping tool. It correctly passes arguments as a list rather than a single string, which prevents shell injection vulnerabilities when handling the user-provided URL.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the Playwright automation library, which typically downloads browser binaries (e.g., Chromium) to the system. This is standard behavior for the tool's primary purpose.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection because it fetches and processes arbitrary text from X (Twitter). If a tweet contains malicious instructions, the agent may inadvertently follow them when analyzing the fetched content.
  • Ingestion points: Untrusted tweet content is retrieved from X.com in x_tweet_fetcher.py via the XTweetFetcher class.
  • Boundary markers: No delimiters or protective markers are used to encapsulate the external text when presented to the agent.
  • Capability inventory: The skill has the ability to write to the filesystem and execute local scripts via subprocess.
  • Sanitization: There is no evidence of filtering or sanitizing the retrieved tweet content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 06:21 PM