Trust Assessment
x-automation received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 5 critical, 2 high, 3 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Missing required field: name, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings11
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/nightfullstar/x-automation/scripts/auto-tweet.js:18 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/nightfullstar/x-automation/scripts/post-approved.js:12 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/nightfullstar/x-automation/scripts/post-single.js:12 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/nightfullstar/x-automation/scripts/post.js:13 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/nightfullstar/x-automation/scripts/trends.js:14 | |
| HIGH | LLM Prompt Injection via Untrusted External Trend Data The `scripts/generate-ideas.js` script scrapes trending topics from X.com and then explicitly outputs them in a structured JSON format (`---TRENDS_JSON---`) for the host LLM to process and generate tweet ideas. If a trending topic on X.com contains a malicious prompt injection payload, it could manipulate the LLM's behavior, leading to unintended actions, generation of harmful content, or attempts to exfiltrate sensitive data if the LLM has access to other tools. Implement robust input sanitization or a separate LLM safety layer for any external data (like trending topics) before it is fed to the primary LLM for processing and generation. The LLM should be instructed to treat the trend data as factual information only, not as instructions. | LLM | scripts/generate-ideas.js:30 | |
| HIGH | Broad Browser Session Control via CDP Connection The skill connects to an existing Chromium browser instance via the Chrome DevTools Protocol (CDP) using `chromium.connectOverCDP('http://127.0.0.1:18792')`. This grants the skill full programmatic control over the browser session, including any logged-in accounts (e.g., X.com, email, banking, etc.) if the user uses the same browser for sensitive activities. While this is a core feature for the skill's functionality (bypassing API costs), it represents a high-risk attack surface if the skill itself were compromised or contained malicious code. Users should be explicitly warned about the broad access granted to the browser session. Consider using a dedicated, isolated browser profile for this skill to minimize the risk of session hijacking for other sensitive accounts. Implement strict sandboxing for the skill's execution environment. | LLM | scripts/auto-tweet.js:14 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/nightfullstar/x-automation/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency 'playwright' is not pinned to an exact version ('^1.40.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/nightfullstar/x-automation/package.json | |
| MEDIUM | LLM Prompt Injection via User-Provided Tweet Content The skill's usage example in `SKILL.md` (`"Post this tweet: <your text>"`) indicates that the host LLM will receive user-provided text and pass it to the `scripts/post.js` for direct posting. If the user-provided `<your text>` contains prompt injection instructions, the LLM could be manipulated to alter its behavior, generate unintended content, or perform actions beyond simply passing the text to the script. Implement robust input validation and sanitization for user-provided tweet text before it is processed by the LLM. The LLM should be explicitly instructed to treat the input as literal text for posting, not as instructions. | LLM | SKILL.md:59 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/nightfullstar/x-automation/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/6daaa3658e9a713d)
Powered by SkillShield