Trust Assessment
x-engagement received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unverified external JavaScript injection via `Runtime.evaluate`, Unpinned Python package dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unverified external JavaScript injection via `Runtime.evaluate` The skill instructs the agent to 'Copy twitter-dom.js contents and inject directly' from an external GitHub URL (https://github.com/ClawdiaETH/twitter-dom-automation) into the browser's DOM via `browser action=act request='{"kind": "evaluate", "fn": "..."}'`. This practice introduces a significant supply chain risk. If the external GitHub repository or the specific `twitter-dom.js` file were compromised, malicious JavaScript could be injected and executed within the agent's browser session (e.g., `x.com`), potentially leading to credential theft, session hijacking, or unauthorized actions. The lack of version pinning or integrity checks means the agent would blindly trust any changes to the external script. Vendor the `twitter-dom.js` file directly within the skill package to ensure its integrity and prevent external modification. Alternatively, if dynamic fetching is strictly necessary, implement cryptographic hash checks against a known good version of the script, and specify a version or commit hash for the GitHub URL to prevent silent, unverified updates. | LLM | SKILL.md:123 | |
| MEDIUM | Unpinned Python package dependencies The skill provides installation instructions for `bird-cli` and `xai-sdk` using `pip install` without specifying exact version numbers. This can lead to non-deterministic builds, unexpected breaking changes, or, in a worst-case scenario, the installation of a malicious package if a package maintainer goes rogue or a package name is hijacked. While this is an example in a rubric, it sets a potentially insecure precedent for agent development. Always pin package versions in installation instructions (e.g., `pip install bird-cli==1.2.3`). For production environments, use a `requirements.txt` or `pyproject.toml` with locked dependencies. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/151327dc80051609)
Powered by SkillShield