baoyu-danger-x-to-markdown

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file scripts/constants.ts contains a hardcoded DEFAULT_BEARER_TOKEN. While this is a known token for the X web client, hardcoding credentials in the skill source is an unsafe practice.
  • [COMMAND_EXECUTION]: The skill executes external commands for essential functionality, which increases the potential attack surface.
    • Evidence: scripts/cookies.ts uses spawn to launch Google Chrome for the purpose of automated cookie extraction.
    • Evidence: scripts/paths.ts uses execSync to run cmd.exe for resolving Windows home paths in WSL environments.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from an external social platform.
    • Ingestion points: Untrusted content is fetched from X in scripts/graphql.ts and scripts/thread.ts.
    • Boundary markers: Content is formatted into markdown without specific delimiters or instructions for the agent to ignore embedded commands.
    • Capability inventory: The skill has the ability to write files (scripts/main.ts) and execute shell commands (scripts/cookies.ts).
    • Sanitization: There is no logic present to sanitize or escape potentially malicious instructions embedded in the tweet or article content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 07:52 AM