agent-x402

[Skill Scanner] URL with free hosting platform or high-abuse TLD detected All findings: [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4] This skill is functionally coherent with its stated purpose (a pay-per-request proxy to retrieve social media data using an 'awal' wallet/CLI). However, it exhibits several supply-chain and privacy risks: it depends on npx to download-and-run an unpinned third-party CLI, routes requests/payments through a private omniapi/awal backend hosted on railway.app (not official Twitter/Instagram endpoints), and requires the agent/user to delegate wallet/authentication to that third-party. These factors create a moderate-to-high supply-chain and data-exposure risk (credential/payment metadata and query contents are routed through the provider). I do not see clear evidence of embedded malware in the document itself, but the download-and-execute pattern and centralized proxying of credentials/payments are high-risk operational behaviors and warrant caution. LLM verification: The approach is coherent for a paid, credentialless-style API gateway but carries notable supply-chain and operational risks due to dependency on an external wallet CLI and a third-party hosting backend. Treat as SUSPICIOUS to HIGHER due to autonomous payment flows and external dependencies; require risk mitigation: independent hosting audits, wallet-CLI trust assurance, data-handling transparency, and explicit safeguards for accidental or malicious autonomous use.