Trust Assessment
twitter-automation received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Remote code execution: curl/wget pipe to shell, Direct remote script execution via curl | sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/okaris/twitter-automation/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/okaris/twitter-automation/SKILL.md:10 | |
| CRITICAL | Direct remote script execution via curl | sh The skill's installation instructions recommend piping a remote script directly to the shell (`curl -fsSL https://cli.inference.sh | sh`). This practice is highly dangerous as it allows arbitrary code execution from the remote server during installation. If the `inference.sh` server or the script itself were compromised, it could lead to a full system compromise for anyone installing the CLI. Recommend a more secure installation method. This could involve verifying a checksum of the downloaded script, using a trusted package manager, or at minimum, advising users to review the script's content before execution. For automated systems, consider sandboxing or using a containerized environment for installation. | LLM | SKILL.md:10 | |
| HIGH | Excessively broad Bash permissions for 'infsh' commands The declared permission `Bash(infsh *)` allows the skill to execute any command starting with `infsh`. While the skill's examples focus on specific `infsh app run` commands for Twitter automation, the wildcard `*` grants permission for any other `infsh` command that might exist or be added in the future. This broad permission increases the attack surface, as `infsh` might have commands with broader system access, file manipulation capabilities, or unintended side effects not directly related to Twitter automation, which could be exploited by a malicious prompt or input. Restrict the `Bash` permission to only the specific `infsh` commands and arguments required for the skill's functionality. For example, instead of `Bash(infsh *)`, specify `Bash(infsh app run x/post-tweet *)`, `Bash(infsh app run x/post-create *)`, etc., if the platform supports such granular control. If not, acknowledge and document the inherent risk of using a broad `infsh *` permission. | LLM | Manifest | |
| MEDIUM | Unpinned 'npx' dependencies in related skills The 'Related Skills' section suggests installing other skills using `npx skills add inference-sh/agent-skills@inference-sh` and similar commands without specifying a precise version number (e.g., `@1.0.0`). This lack of version pinning means that future updates to the `inference-sh/agent-skills` package (or any other referenced package) could introduce breaking changes, vulnerabilities, or even malicious code, which would be automatically executed upon installation without user review. Recommend pinning `npx` dependencies to specific, immutable versions (e.g., `inference-sh/agent-skills@1.2.3`) to ensure reproducibility, prevent unexpected changes, and mitigate the risk of supply chain attacks from upstream package updates. Users should be encouraged to review the specific version's code or changelog before installation. | LLM | SKILL.md:110 |
Scan History
Embed Code
[](https://skillshield.io/report/f5fe979f7c40c345)
Powered by SkillShield