canghe-post-to-x
Audited by Socket on Feb 24, 2026
1 alert found:
Malware [Skill Scanner]: Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This SKILL.md describes a plausible automation tool that uses a real Chrome instance and the user's browser session to prepare posts on X. The documented capabilities align with the stated purpose, but there are supply-chain and privilege concerns: the documentation recommends a curl|bash installer for Bun and uses npx -y bun to run scripts; both are download-and-execute patterns that increase attack surface. The skill requires access to a Chrome profile (cookies/session tokens) and elevated OS permissions (Accessibility, clipboard, simulated paste), which are proportionally powerful and could be misused if the actual scripts are malicious or tampered with. Because the actual scripts (scripts/*.ts) are not included here, it is not possible to confirm malicious code; however, the presence of unpinned install commands and execution patterns raises moderate concern. Recommend reviewing the contents of the scripts directory, avoiding executing the curl|bash installer without verification, pinning/installing Bun from a verified source, and auditing any accesses/modifications to profile directories before use.

LLM verification: The skill appears to be a legitimate browser-driven X posting automation that requires high privileges (access to Chrome profile, CDP control, clipboard, process control). There is no direct evidence in the provided document of active malicious code, backdoors, or obfuscated payloads, but there are multiple high-risk supply-chain and operational practices: unpinned curl|bash installer recommendations, use of npx -y unpinned packages, reliance on authenticated browser profiles, clipboard automati