baoyu-post-to-x

Warn

Audited by Socket on May 29, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/x-utils.ts

No explicit network exfiltration or backdoor mechanism is present in this fragment. However, it (a) retrieves highly sensitive X/Twitter authentication cookies via Chrome DevTools Protocol and (b) executes bundled clipboard scripts via npx/bun using child_process with inherited stdio, which is a meaningful risk surface for clipboard data theft or other local actions depending on the referenced scripts. There is also OS command execution for WSL path resolution. Overall: suspicious for sensitive credential handling and clipboard access, but direct malicious behavior cannot be confirmed without the invoked scripts.

Confidence: 66%Severity: 55%
Audit Metadata
Analyzed At
May 29, 2026, 05:49 AM
Package URL
pkg:socket/skills-sh/JimLiu%2Fbaoyu-skills%2Fbaoyu-post-to-x%2F@359ab2445d8f4878fe99e7ecdb0492e0d61cc908
Security Audit — socket — baoyu-post-to-x