Is 0xjordansg-yolo/openclaw-twitter safe?

https://github.com/openclaw/skills/tree/main/skills/0xjordansg-yolo/openclaw-twitter

Overall score: 79 (verdict: CAUTION)

This skill is a Twitter/X API client that routes all operations through a third-party proxy service (api.aisa.one) rather than Twitter's official API. While the code itself is clean with no malicious patterns, prompt injection, or exfiltration attempts, the fundamental architecture requires users to send their Twitter login credentials (including plaintext passwords) to this intermediary service. The skill also enables fully automated social media actions without built-in confirmation safeguards, creating risk if the agent is manipulated.

Category Scores (score out of 100, followed by the category's weight in the overall score)

Prompt Injection: 88/100, weight 30%
Data Exfiltration: 55/100, weight 25%
Code Execution: 85/100, weight 20%
Clone Behavior: 95/100, weight 10%
Canary Integrity: 100/100, weight 10%
Behavioral Reasoning: 50/100, weight 5%

Findings (7)

HIGH Twitter credentials sent to third-party proxy service -30

The login endpoint sends plaintext Twitter credentials (username, email, password) and proxy configuration to api.aisa.one rather than to Twitter's official API. This third-party middleman can intercept, store, or misuse these credentials. Users may not realize their Twitter password is being shared with a service that is not Twitter.

MEDIUM All Twitter data transits through third-party API -15

Every API operation (search, user info, tweets, trends, followers, posts, likes, retweets) routes through api.aisa.one. This service can observe, log, and correlate all user activity including search queries, targeted accounts, and posted content. The AISA_API_KEY is transmitted on every request.

MEDIUM Automated social media actions without confirmation safeguards -25

The skill enables the agent to autonomously post tweets, like content, retweet, and update user profiles without any built-in confirmation mechanism. If the agent is influenced by prompt injection in fetched content (e.g., from searched tweets), it could take unauthorized actions on the user's social media account.

MEDIUM Proxy-based automation suggests ToS-violating patterns -15

The login endpoint accepts a proxy URL parameter, which is a common pattern in social media automation tools that violate platform Terms of Service. This could expose users to account suspension or ban if Twitter/X detects automated proxy-based access.

LOW Skill expands agent external communication surface -12

The skill instructs the agent to make HTTP requests to an external API with user-provided credentials and data. While this is the skill's stated purpose, it creates an expanded attack surface where the agent sends potentially sensitive information to external endpoints.

INFO Python client uses only standard library — no malicious code patterns -5

The twitter_client.py script is a clean, well-structured CLI tool using only Python standard library modules (urllib, json, argparse, os, sys). No dynamic code execution, no shell commands, no file system access beyond reading AISA_API_KEY from environment.

INFO Clean installation with no suspicious behavior -5

Installation consisted only of a git clone. No network connections to unexpected hosts, no filesystem modifications outside the skill directory, no process spawning, and no firewall-blocked attempts.