skills/pedronauck/skills/xcli/Socket

xcli

Warn

Audited by Socket on Apr 7, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS. The purpose broadly matches X API automation, but the core capability is mediated by an undocumented, unverifiable `xcli` binary that likely receives OAuth credentials and can perform high-impact account actions. With no trusted install/source evidence for `xcli`, this skill has a disproportionate supply-chain and credential-forwarding risk despite a plausible stated purpose.

Confidence: 88%Severity: 84%

Audit Metadata

Analyzed At

Apr 7, 2026, 12:32 AM

Package URL

pkg:socket/skills-sh/pedronauck%2Fskills%2Fxcli%2F@1694c48d86cc3f04d19e8288fff0896665f7bffa