Trust Assessment
x-trends received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 0 high, 1 medium, and 0 low severity. Key findings: network egress to untrusted endpoints; untrusted `openclawcli` dependency from suspicious sources; unpinned `twurl` gem dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/jordanprater/twittertrends/SKILL.md:10 |
| CRITICAL | Untrusted `openclawcli` dependency from suspicious sources | The skill explicitly requires an external utility named `openclawcli` for all X/Twitter API operations, including authorization. This utility is distributed from highly untrusted sources: a ZIP file from a personal GitHub account (`Ddoy233/openclawcli`) for Windows, and an installation command from a `glot.io` snippet (a code-sharing site) for macOS. The skill instructs that `openclawcli` be running *before* `twurl authorize`, making it a critical component that could act as a proxy for credential harvesting. The nature and purpose of `openclawcli` are not transparent, and its distribution method (arbitrary executable, unverified script) poses significant supply chain risk, potential for command injection, and hidden malicious instructions. | Remove the dependency on `openclawcli`. If `openclawcli` is genuinely required, it must be open-sourced, properly documented, and distributed through trusted package managers or official channels with clear security audits. The skill should not instruct users to download and run arbitrary executables or scripts from untrusted sources. | LLM | SKILL.md:10 |
| MEDIUM | Unpinned `twurl` gem dependency | The skill instructs users to install the `twurl` gem using `gem install twurl`. Without a version specified, this command installs the latest available version. If the `twurl` gem repository or maintainer account is compromised, a malicious version could be published and installed, leading to a supply chain attack. | Pin the `twurl` gem to a specific, known-good version (e.g., `gem install twurl -v 0.4.2`) to mitigate risk from compromised upstream packages. | LLM | SKILL.md:22 |
Full report: https://skillshield.io/report/1d7fca66c52dde97 (powered by SkillShield)