Security Audit
Twitter Command Center (Search + Post)
Source: github.com/openclaw/skills
Trust Assessment
Twitter Command Center (Search + Post) received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings are "Login function transmits user password alongside user-controlled proxy setting" (high) and "Suspicious import: urllib.request" (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Login function transmits user password alongside user-controlled proxy setting. The `TwitterClient.login` method in `scripts/twitter_client.py` and its corresponding command-line interface (`python twitter_client.py login`) accept both a `password` and a `proxy` argument. These values are bundled together in the JSON payload and sent to the `https://api.aisa.one/apis/v1/twitter/user_login_v3` endpoint. While `python_client.py` itself does not route its own request through the user-provided proxy, it transmits the user's sensitive login credentials (username, email, password) along with a user-controlled `proxy` string to a third-party API. If the `aisa.one` API were compromised or malicious, or if it uses the provided `proxy` parameter to route the actual Twitter login request, this design could lead to the interception and harvesting of user credentials by an attacker who supplies a malicious proxy URL. Allowing an untrusted proxy configuration to travel with sensitive login data creates an unnecessary risk. Recommendation: remove the `proxy` argument from the `login` method and its CLI. If proxy functionality is required for the AIsa API to perform Twitter logins, it should be configured securely on the AIsa platform itself, not supplied by the end user alongside credentials. Alternatively, if a proxy must be user-configurable, it should be managed separately from credential submission and subject to strict validation (e.g., an allowlist of trusted proxy endpoints) to prevent malicious redirection. | LLM | scripts/twitter_client.py:110 |
| MEDIUM | Suspicious import: urllib.request. Import of `urllib.request` detected. This module provides network or low-level system access. Verify this import is necessary; network and system modules in skill code may indicate data exfiltration. | Static | skills/bowen-dotcom/aisa-twitter-skill/scripts/twitter_client.py:24 |
Full report: [skillshield.io/report/0992c2471eeb09e0](https://skillshield.io/report/0992c2471eeb09e0)