tweetsmash-api
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is designed to interact with the official TweetSmash API. It recommends using the
TWEETSMASH_API_KEYenvironment variable for authentication, which is a secure practice for managing API credentials. - [COMMAND_EXECUTION]: The skill includes a local script,
scripts/build-bookmarks-url.py, which is used to generate properly encoded URLs for API queries. This script uses standard Python libraries and does not perform any network operations or external code execution. - [DATA_EXFILTRATION]: All network requests are directed to the service's official domain at
api.tweetsmash.com. There is no evidence of sensitive data being sent to unauthorized or unknown external domains.
Audit Metadata