Trust Assessment
sns-auto-poster received a trust score of 42/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 2 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Missing required field: name, Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval: Python variable indirection to hide dangerous calls. Remediation: remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/sa9saq/sns-auto-poster/poster.py:29 |
| HIGH | Potential data exfiltration: file read + network send. Function `_upload_media` reads files and sends data over the network, which may indicate data exfiltration. Remediation: review this function to ensure file contents are not being sent to external servers. | Static | skills/sa9saq/sns-auto-poster/platforms/x.py:32 |
| HIGH | Arbitrary File Read via Image Path. The skill allows users to specify an arbitrary file path for the `--image` argument when adding a post via `poster.py`. This path is stored in the `queue.json` file and subsequently used by the `platforms/x.py` module's `_upload_media` function, which directly calls `open(path, 'rb')` with the user-provided path. An attacker could craft a post with `image_path` pointing to sensitive files on the agent's filesystem (e.g., `~/.openclaw/secrets.env`, `/etc/passwd`). While the target API (Twitter) might reject the file as an invalid image, the content of the specified file would be read by the skill, potentially leading to data exfiltration. Remediation: implement strict validation for the `image_path` argument, restricting image paths to a specific, isolated, non-sensitive directory, or requiring images to be uploaded to a temporary, sandboxed location managed by the agent itself. Additionally, validate the file type and content before attempting to open and upload, and ensure no directory traversal (`..`) is possible in the provided path. | LLM | platforms/x.py:37 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from the frontmatter. Remediation: add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/sns-auto-poster/SKILL.md:1 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected; this module provides network or low-level system access. Remediation: verify this import is necessary, as network and system modules in skill code may indicate data exfiltration. | Static | skills/sa9saq/sns-auto-poster/platforms/x.py:2 |
Report: https://skillshield.io/report/f1394ae54ea16357
Powered by SkillShield