Is etherlect/twit-mcp safe?

https://github.com/openclaw/skills/tree/main/skills/etherlect/twit-mcp

91
SAFE

This skill provides legitimate Twitter/X data access through a micropayment system. The main security consideration is the requirement for a wallet private key, which is clearly documented and necessary for the payment functionality. No malicious behavior or code execution risks were detected.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (2)

MEDIUM Wallet private key requirement -20

The skill requires access to a wallet private key via the WALLET_PRIVATE_KEY environment variable for cryptocurrency payments. While documented and necessary for functionality, this creates an exposure risk if the external API is compromised.

LOW Micropayment financial risk -15

The skill automatically charges $0.0025-$0.01 USDC per API call, which could result in unexpected costs with heavy usage. Users should monitor usage to avoid excessive charges.