skills/aaaaqwq/agi-super-team/xhs-smart-publisher/Snyk

xhs-smart-publisher

Fail

Audited by Snyk on Jun 24, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

Malicious code pattern detected (high risk: 0.90). High risk — the skill intentionally sends page screenshots and status messages to a hard‑coded Telegram group and then acts on Telegram replies to publish/save content, which constitutes deliberate external data exfiltration and a remote‑control channel; reuse of a local browser profile/CDP also risks leaking authentication tokens.

Issues (1)

E006

CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata

Risk Level

CRITICAL

Analyzed

Jun 24, 2026, 08:47 AM

Issues

1

Security Audit — snyk — xhs-smart-publisher