x-research

Warn

Audited by Socket on Feb 19, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected

All findings:
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill's stated purpose and capabilities are consistent and appropriate for an X research agent. I found no indicators of malware or deliberate credential harvesting in the SKILL.md content. The main security concerns are operational: (1) the recommendation to 'source' a global env file (which may expose more secrets than necessary), (2) arbitrary web_fetch of linked URLs (normal for research but requires safe fetch practices), and (3) heartbeat/notification semantics (who receives notifications should be explicit). Overall risk is moderate but acceptable if operators follow best practices (limit env exposure, sandbox web fetches, and configure notifications explicitly).

LLM verification: This SKILL.md appears to describe a legitimate X/Twitter research CLI skill. The documented capabilities match the stated purpose. The primary security concern is operational: the instruction to 'source ~/.config/env/global.env' is broad and can expose unrelated environment variables if users place multiple secrets there. Also, the implementation files (lib/api.ts, x-search.ts) are not provided, so network endpoints and exact credential usage cannot be verified. Based on the provided fragment al

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 19, 2026, 03:31 PM
Package URL
pkg:socket/skills-sh/rohunvora%2Fx-research-skill%2Fx-research%2F@623cca7f41f2fb859bdd01dd7328b7b15da110ed