Skills
skills/ideacco/baoyu-skills-openclaw/baoyu-post-to-x/Gen Agent Trust Hub

baoyu-post-to-x

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the bun runtime installer from the official bun.sh domain and downloads images from remote URLs specified in Markdown articles during the conversion process.
  • [REMOTE_CODE_EXECUTION]: Recommends installing the Bun runtime by piping a script from https://bun.sh/install directly to the shell (bash).
  • [COMMAND_EXECUTION]: Spawns browser processes (Chrome/Chromium) and uses platform-specific automation tools—osascript on macOS, PowerShell on Windows, and xdotool/ydotool on Linux—to perform clipboard operations and simulate keystrokes.
  • [DATA_EXFILTRATION]: Accesses the user's local Chrome profile directory and user home directory to manage session persistence and configuration, which is necessary for bypassing X's anti-bot measures.
  • [PROMPT_INJECTION]: Processes Markdown files (e.g., in md-to-html.ts) that could contain instructions intended to influence the agent's behavior during content conversion or posting, representing an indirect prompt injection surface.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 07:52 AM