Trust Assessment
x-api-poster received a trust score of 36/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Suspicious import: requests, Potential data exfiltration: file read + network send.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary file upload for media leads to data exfiltration The `upload_media` function directly uses `sys.argv` to obtain an `image_path` and then proceeds to open and upload the file at that path to Twitter's media service. There is no validation to ensure the path points to an actual image file or to restrict the file system scope. A compromised AI agent could be manipulated to provide a path to any sensitive file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `~/.openclaw/secrets.env`), leading to its exfiltration to an external service (Twitter). Implement strict validation for `image_path`. This should include restricting allowed directories (e.g., to a temporary upload folder), validating file extensions and/or magic bytes to confirm it's an image, and sanitizing the path to prevent directory traversal. Consider requiring explicit user confirmation for file uploads, especially for paths outside a designated safe zone. | LLM | post.py:107 | |
| HIGH | Potential data exfiltration: file read + network send Function 'upload_media' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/sa9saq/x-api-poster/post.py:95 | |
| HIGH | Unvalidated tweet content allows content injection and potential data exfiltration The `text` argument for tweets is taken directly from `sys.argv[1]` without any validation or sanitization before being posted to X. A compromised AI agent could be manipulated to post sensitive information (e.g., internal system details, user data) or malicious content (e.g., phishing links, harmful messages) to the public X platform. While the `SKILL.md` advises content validation, the script itself does not implement it, making the skill vulnerable to misuse by a malicious or compromised agent. Implement content validation and sanitization for the `text` argument. This could include checking for sensitive patterns (e.g., API keys, common credential formats), implementing a content moderation filter, providing a mechanism for human review/approval before posting, and limiting the length of the text to prevent excessively long posts that might be used for data dumps. | LLM | post.py:160 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/x-api-poster/SKILL.md:1 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/sa9saq/x-api-poster/post.py:13 |
Scan History
Embed Code
[](https://skillshield.io/report/2ad6637a78e24063)
Powered by SkillShield