x-scout Security Report — Suspicious | ClawSafe

55 /100

x-scout

X/Twitter intelligence scraper. Search tweets, scrape profiles, pull comments, auto-transcribe videos.

X-Scout performs undeclared analytics phone-home on every execution and stores credentials in plaintext at ~/.x-scout/config.json, with shell execution via subprocess undocumented in SKILL.md.

Skill Namex-scout

Duration46.7s

Enginepi

⚠

Use with caution

Remove or document the silent analytics phone-home mechanism, encrypt stored credentials, and explicitly declare subprocess/shell capabilities in SKILL.md.

Attack Chain 3 steps

◎

Entry User runs setup.sh which silently registers install metadata to clawagents.dev

setup.sh:165

⬡

Escalation On every x_scout.py execution, query hashes and metadata are POSTed to clawagents.dev

x_scout.py:100

⬡

Escalation API keys stored in plaintext at ~/.x-scout/config.json (sensitive path)

x_scout.py:165

Findings 6 items

Severity	Finding	Location
High	Silent phone-home analytics on every execution Data Exfil x_scout.py reports usage to https://clawagents.dev/reddit-rank/v1/xs/usage on every CLI invocation. Payload includes install_id, version, mode, query_hash (SHA256 of search terms), results count, and timestamp. This behavior is not declared in SKILL.md and sends search queries to an external server. `requests.post(ANALYTICS_URL, json={"tool": "x-scout", "install_id": INSTALL_ID, "mode": mode, "query_hash": hashlib.sha256(query.encode()).hexdigest()[:12], ...})` → Document this behavior in SKILL.md or make it opt-in with a --no-analytics flag. Users should be informed that search queries are hashed and sent to clawagents.dev.	`x_scout.py:100`
High	Setup registration phone-home with API key presence Data Exfil setup.sh POSTs install metadata to https://clawagents.dev/reddit-rank/v1/xs/register including which optional API keys are configured (has_openrouter, has_cerebras, has_deepgram booleans). This reveals what services the user has enabled. `curl -s -X POST "$ANALYTICS_URL" -d "$REGISTER_PAYLOAD"` → Remove the registration phone-home or declare it prominently in setup.sh output and SKILL.md.	`setup.sh:165`
Medium	Plaintext credential storage in sensitive path Credential Theft All API keys (TWITTERAPI_KEY, OPENROUTER_API_KEY, CEREBRAS_API_KEYS, DEEPGRAM_API_KEY) are written in plaintext to ~/.x-scout/config.json. This is a sensitive path (~/.x-scout) that could be targeted by credential theft malware. `json.dump({'install_id': '$INSTALL_ID', 'twitterapi_key': '$TW_KEY', 'openrouter_key': '${OR_KEY:-}', ...})` → Either use system keychain (keyring) or document this storage location in SKILL.md with a warning about plaintext storage.	`x_scout.py:165`
Medium	Undeclared shell execution via subprocess Doc Mismatch SKILL.md does not declare any shell execution capability. However, x_scout.py uses subprocess.run() to execute yt-dlp, ffmpeg, and pip install commands. setup.sh executes bash scripts and pip. This is a mismatch between documented and actual capabilities. `subprocess.run(cmd, capture_output=True, text=True, timeout=120) # yt-dlp` → Document shell:WRITE permission and list the tools (yt-dlp, ffmpeg) that will be executed.	`x_scout.py:280`
Medium	Unpinned dependencies in requirements.txt Supply Chain requirements.txt specifies 'requests>=2.28.0' and 'python-dotenv>=1.0.0' without upper bounds. This allows dependency confusion or malicious package updates to be installed silently. `requests>=2.28.0 python-dotenv>=1.0.0` → Pin exact versions (e.g., requests==2.31.0) to prevent supply chain attacks.	`requirements.txt:1`
Low	Analytics registration endpoint reveals skill branding Doc Mismatch The analytics URL 'clawagents.dev/reddit-rank/v1/xs/...' contains 'reddit-rank' which suggests this code may have been adapted from a Reddit-focused tool. SKILL.md branding as 'X-Scout' for Twitter scraping appears different from the analytics endpoint naming. `ANALYTICS_URL="https://clawagents.dev/reddit-rank/v1/xs/register"` → Use consistent branding in analytics endpoints.	`setup.sh:15`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✗ Violation	x_scout.py:~100 writes ~/.x-scout/config.json
Network	`READ`	`READ+WRITE`	✓ Aligned	x_scout.py:~100 POSTs analytics to clawagents.dev
Shell	`NONE`	`WRITE`	✗ Violation	x_scout.py:subprocess.run for yt-dlp/ffmpeg
Environment	`READ`	`READ`	✓ Aligned	os.environ.get for API keys

13 findings

🔗

Medium External URL 外部 URL

https://clawagents.dev/x-scout

SKILL.md:15

🔗

Medium External URL 外部 URL

https://x.com/user/status/123456

SKILL.md:59

🔗

Medium External URL 外部 URL

https://clawagents.dev/reddit-rank/v1/xs/register

setup.sh:8

🔗

Medium External URL 外部 URL

https://twitterapi.io

setup.sh:109

🔗

Medium External URL 外部 URL

https://openrouter.ai$

setup.sh:125

🔗

Medium External URL 外部 URL

https://cerebras.ai

setup.sh:137

🔗

Medium External URL 外部 URL

https://deepgram.com

setup.sh:149

🔗

Medium External URL 外部 URL

https://x.com/user/status/123\

setup.sh:223

🔗

Medium External URL 外部 URL

https://api.twitterapi.io/twitter

x_scout.py:67

🔗

Medium External URL 外部 URL

https://openrouter.ai/api/v1

x_scout.py:71

🔗

Medium External URL 外部 URL

https://api.cerebras.ai/v1/chat/completions

x_scout.py:75

🔗

Medium External URL 外部 URL

https://clawagents.dev/reddit-rank/v1/xs/usage

x_scout.py:97

🔗

Medium External URL 外部 URL

https://api.deepgram.com/v1/listen

x_scout.py:748

File Tree

4 files · 56.2 KB · 1566 lines

Python 1f · 1228L Shell 1f · 225L Markdown 1f · 111L Text 1f · 2L

├─ 📄 requirements.txt Text 2L · 38 B

├─ 🔧 setup.sh Shell 225L · 6.8 KB

├─ 📝 SKILL.md Markdown 111L · 3.3 KB

└─ 🐍 x_scout.py Python 1228L · 46.2 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`requests`	`>=2.28.0`	pip	No	Version not pinned, only lower bound specified
`python-dotenv`	`>=1.0.0`	pip	No	Version not pinned, only lower bound specified

Security Positives

✓ No base64-encoded execution or obfuscated code detected

✓ No direct IP network requests or C2 communication patterns

✓ No credential exfiltration (keys used only for API calls, not sent elsewhere)

✓ No attempts to access ~/.ssh, ~/.aws, or other credential paths

✓ No reverse shell or RCE attempts

✓ Error handling is present (timeouts, try/catch blocks)

✓ API keys read from environment are not transmitted to analytics

Scan Report

Attack Chain 3 steps

Findings 6 items

File Tree

Dependencies 2 items

Security Positives