Is x-algorithm safe?

https://clawhub.ai/NextFrontierBuilds/x-algorithm

89
SAFE

This is a pure documentation/reference skill containing X (Twitter) algorithm tips and content strategy advice in Markdown format. It contains no executable code, no install scripts, no data exfiltration mechanisms, and no prompt injection attempts. The only concerns are behavioral: the skill encourages engagement-farming tactics (controversy, FOMO hooks, high-frequency posting) that could lead an AI agent to produce manipulative social media content when asked to write posts.

Category Scores

Prompt Injection: 82/100 · weight 30%
Data Exfiltration: 100/100 · weight 25%
Code Execution: 100/100 · weight 20%
Clone Behavior: 90/100 · weight 10%
Canary Integrity: 100/100 · weight 10%
Behavioral Reasoning: 75/100 · weight 5%
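
The report does not say how the overall score of 89 is derived from these categories. As a point of comparison only, the sketch below computes a plain weighted mean, assuming the percentages are weights (they sum to 100). The names `CATEGORY_SCORES` and `weighted_mean` are illustrative, not part of the scanner.

```python
# Scores and percentages copied from the category list above.
# ASSUMPTION: each percentage is that category's weight in the overall score.
CATEGORY_SCORES = {
    "Prompt Injection": (82, 30),
    "Data Exfiltration": (100, 25),
    "Code Execution": (100, 20),
    "Clone Behavior": (90, 10),
    "Canary Integrity": (100, 10),
    "Behavioral Reasoning": (75, 5),
}


def weighted_mean(scores):
    """Return the weight-normalized mean of (score, weight) pairs."""
    total_weight = sum(weight for _, weight in scores.values())
    weighted_sum = sum(score * weight for score, weight in scores.values())
    return weighted_sum / total_weight


print(weighted_mean(CATEGORY_SCORES))  # 92.35
```

The plain weighted mean comes to 92.35, so the published 89 is evidently not computed this way; the actual aggregation is not described in the report.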

Findings (7)

LOW Behavioral guidance without explicit user consent -10

The skill provides strategic advice on content creation (e.g., 'Controversy drives engagement', 'Hot takes — polarizing opinions') that could influence an agent to generate manipulative or inflammatory content on behalf of the user without the user explicitly requesting such a tone. This is soft behavioral steering rather than direct prompt injection.

LOW Manipulative content templates embedded in skill -8

The skill includes hook patterns designed to exploit psychological vulnerabilities (insecurity, FOMO, urgency). An agent following these instructions could produce manipulative marketing content. While this is the stated purpose of the skill, it represents a mild behavioral concern.

LOW External network connection to ClawHub registry during install -10

During installation, the VM made an outbound HTTPS connection to 216.150.1.1:443, which is the ClawHub registry server used for skill resolution and download. This is expected behavior for skill installation and not indicative of malicious activity.

MEDIUM Agent may produce spam-like or manipulative social media content -25

If this skill is active and a user asks the agent to write tweets or social media posts, the agent is likely to follow the embedded strategies, which encourage high-frequency posting (5-30 posts/day), controversy-driven engagement, psychological manipulation hooks (FOMO, insecurity), and the 'Reply Guy Strategy'. Individually, these are common social media marketing tactics, but an AI agent applying all of them at once could produce content that borders on spam or manipulation. The skill is benign in isolation but could amplify harmful social media behaviors when combined with automation tools.

INFO No executable code, install scripts, git hooks, or symlinks detected 0

The skill consists entirely of a SKILL.md Markdown file, a package.json with no scripts, a README, and metadata files. There are no executable files, no npm lifecycle scripts (preinstall/postinstall), no git hooks, no git submodules, and no symlinks. The package.json 'main' points to SKILL.md.
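
A check like the lifecycle-script one described above might look roughly like the following. This is a minimal sketch, not the scanner's actual implementation: the function name `lifecycle_scripts` is hypothetical, and the set of script names is limited to those npm can run automatically around an install.

```python
import json

# npm script names that can run automatically during `npm install`.
LIFECYCLE_SCRIPTS = {"preinstall", "install", "postinstall", "prepare"}


def lifecycle_scripts(package_json_text):
    """Return the install-time lifecycle scripts declared in a package.json."""
    manifest = json.loads(package_json_text)
    scripts = manifest.get("scripts") or {}  # a missing or null "scripts" means none
    return sorted(LIFECYCLE_SCRIPTS & set(scripts))


# Hypothetical manifest shaped like the one the finding describes:
# no "scripts" key, and "main" pointing at SKILL.md.
print(lifecycle_scripts('{"main": "SKILL.md"}'))  # []
```

An empty result corresponds to the "package.json with no scripts" case; any name returned would be a script that runs without the user invoking it.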

INFO All canary files intact 0

No honeypot files (.env, SSH keys, AWS credentials, .npmrc, Docker config, GCloud credentials) were accessed or modified during installation. The sha256sum verification of canary files shows no tampering.
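
The hash comparison mentioned above can be sketched as follows, assuming digests are taken before and after installation and then compared. The helper names `snapshot` and `tampered` are hypothetical. Hashing only detects modification, creation, or deletion; detecting reads would need separate access monitoring.

```python
import hashlib
from pathlib import Path


def snapshot(paths):
    """Map each existing file path to the SHA-256 hex digest of its contents."""
    return {
        str(p): hashlib.sha256(Path(p).read_bytes()).hexdigest()
        for p in paths
        if Path(p).is_file()
    }


def tampered(before, after):
    """Return paths whose digest changed, or that appeared or disappeared."""
    all_paths = before.keys() | after.keys()
    return sorted(p for p in all_paths if before.get(p) != after.get(p))
```

In use, `snapshot` would be called on the canary paths once before the install and once after it, and an empty list from `tampered` corresponds to the "all canary files intact" result.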

INFO No data exfiltration attempts detected 0

The skill contains no references to external URLs that an agent should fetch, no instructions to read sensitive files, no encoding or exfiltration mechanisms, and no attempts to access files outside the skill directory. Network monitoring confirmed no suspicious outbound connections beyond the expected ClawHub registry call.
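
The deductions on the seven findings appear to account for the category scores, assuming each category starts at 100 and findings are grouped as guessed below. The report does not label findings by category, so the grouping is an assumption, and `category_scores` is an illustrative name.

```python
from collections import defaultdict

# (assumed category, deduction) for each of the seven findings.
# Deductions are from the report; the category assignment is a guess.
FINDINGS = [
    ("Prompt Injection", 10),      # behavioral guidance without consent
    ("Prompt Injection", 8),       # manipulative content templates
    ("Clone Behavior", 10),        # network connection during install
    ("Behavioral Reasoning", 25),  # spam-like or manipulative content
    ("Code Execution", 0),         # no executable code detected
    ("Canary Integrity", 0),       # all canary files intact
    ("Data Exfiltration", 0),      # no exfiltration attempts
]


def category_scores(findings, start=100):
    """Subtract each category's total deductions from a starting score."""
    deducted = defaultdict(int)
    for category, points in findings:
        deducted[category] += points
    return {category: max(0, start - points) for category, points in deducted.items()}


for category, score in category_scores(FINDINGS).items():
    print(f"{category}: {score}/100")
```

Under this grouping the results match the published category scores: 82, 90, and 75 for the three categories with deductions, and 100 for the rest.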