youmind-x-article
Warn
Audited by Socket on Jun 13, 2026
2 alerts found:
AnomalySecurityAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill is largely coherent with its stated purpose: it drafts and publishes X posts through the same-org YouMind service, uses only a YouMind API key, and avoids local X credentials. Main risks are npm dependency execution without reviewed code, forwarding credentials into local CLI tooling, and enabling public posting through an external account. Data flow appears consistent with the purpose and does not show clear credential theft or malicious exfiltration.
Confidence: 100%Severity: 60%
Securityshared/config.example.yaml
MEDIUMSecurityMEDIUM
shared/config.example.yaml
Audit Metadata