Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- index.js:109
Security audit
Security checks across malware telemetry and agentic risk
This tweet-scraping skill has a clear purpose, but its code can execute shell commands from unvalidated inputs and relies on unbundled external scraping components.
Avoid installing this skill until the command-execution issue and missing external scraper dependency are fixed. If you still test it, run it only in an isolated sandbox, do not pass untrusted URLs or usernames, and do not configure billing credentials unless you have verified the publisher and payment flow.
66/66 vendors flagged this skill as clean.
Detected: suspicious.dangerous_exec