res-x
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the 'uv' Python package manager from its official source (astral.sh) as a prerequisite. This is a well-known tool for Python dependency management.
- [COMMAND_EXECUTION]: Executes 'security' commands on macOS to interact with the system keychain. This is used for securely storing and retrieving the xAI API key provided by the user, rather than storing it in plain text or environment variables.
- [COMMAND_EXECUTION]: Uses 'subprocess.run' within the Python script to fetch the API key from the keychain at runtime.
- [SAFE]: The skill uses the official xAI Responses API (Grok) to perform searches and fetch tweet content. This is a legitimate use of an AI service's API tools (x_search and web_search) to bypass web scraping protections on X.com.
Audit Metadata