youmind-x-article

Warn

Audited by Socket on Jun 13, 2026

2 alerts found:

AnomalySecurity
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is largely coherent with its stated purpose: it drafts and publishes X posts through the same-org YouMind service, uses only a YouMind API key, and avoids local X credentials. Main risks are npm dependency execution without reviewed code, forwarding credentials into local CLI tooling, and enabling public posting through an external account. Data flow appears consistent with the purpose and does not show clear credential theft or malicious exfiltration.

Confidence: 100%Severity: 60%
SecurityMEDIUM
shared/config.example.yaml
Audit Metadata
Analyzed At
Jun 13, 2026, 12:24 PM
Package URL
pkg:socket/skills-sh/YouMind-OpenLab%2Fskills%2Fyoumind-x-article%2F@529a3c375bae7a550915ebc2ee5d18099238816035cde7c77e0071b61cfabf8c
Security Audit — socket — youmind-x-article