threads-growth-skill
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires users to export authentication session cookies from a browser extension and save them to a local file named
cookies.json. This exposes high-value credentials that provide full access to the user's Threads account.- [REMOTE_CODE_EXECUTION]: The installation instructions direct users to clone a repository from an unverified external source (https://github.com/krumjahn/threads-growth-skill) and immediately execute shell scripts from within that directory.- [COMMAND_EXECUTION]: The skill utilizes shell scripts (setup.sh,scrape_insights.sh) for its operations. It also installs a bi-weekly cron job to the user's system to ensure the scraper runs automatically in the background.- [DATA_EXFILTRATION]: The skill is designed to scrape and store private Threads Insights data, including reach, engagement, and post content, into local files for processing.
Recommendations
- AI detected serious security threats
Audit Metadata