baoyu-post-to-x

Warn

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of platform-specific CLI tools to simulate user interaction and manage the system clipboard.
      • Uses osascript on macOS to activate applications and send real 'Cmd+V' keystrokes to the browser.
      • Uses powershell.exe on Windows to interact with System.Windows.Forms.Clipboard and SendKeys.
      • Uses xdotool (X11) or ydotool (Wayland) on Linux for keystroke simulation.
      • Uses pgrep and pkill to manage Chrome processes.
      • Uses swift to execute dynamically generated code for image/HTML clipboard operations on macOS.
  • [EXTERNAL_DOWNLOADS]: The scripts/md-to-html.ts script contains a downloadFile function that fetches images from arbitrary HTTPS URLs provided in Markdown content.
      • Images are saved to a temporary directory (/tmp/x-article-images) before being processed.
      • The logic verifies the protocol is HTTPS and follows up to 5 redirects.
  • [REMOTE_CODE_EXECUTION]: The skill instructions and scripts rely on npx -y bun to run the core logic, which involves downloading the Bun runtime if it is not already present on the system.
  • [COMMAND_EXECUTION]: Potential command injection risk in scripts/paste-from-clipboard.ts where the --app argument is directly interpolated into an AppleScript string (tell application "${targetApp}") executed via osascript. While the agent is intended to provide the app name, this pattern is generally fragile.
  • [DYNAMIC_EXECUTION]: The skill dynamically generates and executes Swift source code at runtime to handle clipboard operations on macOS in scripts/copy-to-clipboard.ts and scripts/check-paste-permissions.ts. While the Swift code itself uses safe argument handling, the runtime generation of executable scripts is a significant capability.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 21, 2026, 07:45 AM