Is atyachin/twitter-api-alternative safe?

https://github.com/openclaw/skills/tree/main/skills/atyachin/twitter-api-alternative

83
SAFE

This skill is a documentation wrapper for the Xpoz MCP social media search service. It contains no embedded code, no prompt injection techniques, and no attempts to access sensitive files. The primary risks are supply-chain in nature: an opaque npm binary (mcporter) is installed and all data flows through third-party Xpoz servers, requiring trust in both the npm package and the external service.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 70/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (7)

MEDIUM Opaque npm binary installation (mcporter) -20

The skill requires installing the mcporter npm package which provides a binary executable. npm packages can contain preinstall/postinstall scripts that execute arbitrary code during installation. The mcporter binary itself is opaque and cannot be statically verified from the skill files alone.

MEDIUM All data routed through third-party Xpoz servers -15

Every search query, profile lookup, and data export flows through mcp.xpoz.ai. Users have no control over what Xpoz logs or retains. The mcporter binary is the sole intermediary and its data handling cannot be verified from the skill files.

LOW Large CSV exports through external service -10

The skill advertises CSV exports of up to 64K rows (38MB). Export download URLs are generated by and hosted on Xpoz infrastructure, meaning large datasets pass through third-party servers.

LOW Dependency chain to unaudited xpoz-setup skill -10

The skill delegates all authentication to the xpoz-setup skill, which handles OAuth 2.1 flow. The security posture of this skill inherits whatever risks exist in xpoz-setup, creating a chain-of-trust dependency.

LOW External binary executes network calls -10

The mcporter binary, once installed, makes authenticated network calls to mcp.xpoz.ai. While this is the skill's intended functionality, it represents a persistent executable with network access that could be updated or modified outside the user's control.

INFO Lock file references unrelated skill -3

The .clawhub/lock.json references academic-research-hub v0.1.0 rather than the declared xpoz-setup dependency. This is likely a pre-existing artifact rather than a security concern, but indicates the lock file may not accurately reflect the skill's dependency tree.

INFO Clean installation with expected network traffic only -5

Clone and installation produced no unexpected network connections or process executions. All observed traffic corresponds to GitHub (git clone), npm registry (Cloudflare CDN), and standard Ubuntu system services.