xactions-mcp-server
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the xactions-mcp package from the NPM registry via npx. This code is not contained within the skill and is managed by an external author (nichxbt).
- [COMMAND_EXECUTION]: Executes shell commands to configure client software (Claude, Cursor, Windsurf, VS Code) and runs the MCP server using npx.
- [CREDENTIALS_UNSAFE]: Requires the user to provide their XACTIONS_SESSION_COOKIE (auth_token). This token grants complete authenticated access to the user's Twitter/X account, including private data and the ability to perform actions.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from an external platform and possesses capabilities to perform actions based on agent logic. 1. Ingestion points: x_get_profile, x_get_tweets, x_search_tweets, x_get_conversations. 2. Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the provided instructions. 3. Capability inventory: x_post_tweet, x_follow, x_send_dm, x_update_profile. 4. Sanitization: No sanitization or validation of external content is specified before the data is processed by the agent.
Audit Metadata