Trust Assessment
baoyu-post-to-x received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Sensitive environment variable access: $HOME, AppleScript Injection via 'targetApp' parameter in paste-from-clipboard.ts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/liuhedev/baoyu-post-to-x/scripts/x-utils.ts:116 | |
| CRITICAL | AppleScript Injection via 'targetApp' parameter in paste-from-clipboard.ts The `pasteMac` function in `scripts/paste-from-clipboard.ts` constructs an AppleScript command string by directly interpolating the user-controlled `targetApp` parameter. An attacker can inject arbitrary AppleScript commands by providing a malicious `targetApp` value (e.g., by including double quotes and AppleScript commands), leading to arbitrary command execution on macOS systems. This function is called by `pasteFromClipboard` in `x-utils.ts`, which is used by `x-browser.ts` and `x-article.ts`. Properly escape the `targetApp` string before interpolating it into the AppleScript command. For example, replace double quotes with `\"` or use a safer method to pass arguments to AppleScript, such as passing them as separate arguments to `osascript` if supported, or using a more robust escaping mechanism. | LLM | scripts/paste-from-clipboard.ts:80 | |
| CRITICAL | Arbitrary Executable Execution via 'X_BROWSER_CHROME_PATH' environment variable or 'chromePath' option The `findChromeExecutable` function in `scripts/x-utils.ts` prioritizes the `X_BROWSER_CHROME_PATH` environment variable (or `options.chromePath` passed to the main scripts) to determine the Chrome executable path. If an attacker can control this environment variable or option, they can specify an arbitrary executable (e.g., `/bin/bash -c "rm -rf /"`), leading to arbitrary command execution when the skill attempts to launch Chrome. This vulnerability affects `x-article.ts`, `x-browser.ts`, `x-quote.ts`, and `x-video.ts`. Restrict the `chromePath` option and `X_BROWSER_CHROME_PATH` environment variable to a whitelist of known, safe Chrome executable paths. Alternatively, validate that the path points to a legitimate browser executable and not an arbitrary script or malicious binary, and ensure it is not interpreted as multiple arguments by the `spawn` call. | LLM | scripts/x-utils.ts:60 | |
| HIGH | Server-Side Request Forgery (SSRF) via Markdown Image URLs in md-to-html.ts The `downloadFile` function in `scripts/md-to-html.ts` (used by `scripts/x-article.ts`) fetches images from URLs specified in Markdown content. An attacker can provide a malicious URL (e.g., `http://localhost:8080/admin` or `http://169.254.169.254/latest/meta-data/`) to probe internal networks, access local services, or potentially trigger actions on internal systems. While the downloaded content is saved locally, the request itself can be used for reconnaissance or attack. Implement strict URL validation for image sources in Markdown. Only allow images from trusted domains or enforce a whitelist of allowed protocols and hosts. Consider proxying image downloads through a service that can enforce these policies and prevent access to internal IP ranges or sensitive domains. | LLM | scripts/md-to-html.ts:60 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/liuhedev/baoyu-post-to-x/SKILL.md:34 |
Scan History
Embed Code
[](https://skillshield.io/report/93b11e1810f37ed9)
Powered by SkillShield