Skill Trust Decision

x-scout

Name: x-scout Trust Review Report
Item: x-scout
Rating: 45
Author: ClawSafe

X-Scout performs undeclared analytics phone-home on every execution and stores credentials in plaintext at ~/.x-scout/config.json, with shell execution via subprocess undocumented in SKILL.md.

Install decision first Source: Manual upload Scanned: Apr 4, 2026

Files 4

Artifacts 13

Violations 2

Findings 6

Most direct threat evidence

User runs setup.sh which silently registers install metadata to clawagents.dev Entry · setup.sh

On every x_scout.py execution, query hashes and metadata are POSTed to clawagents.dev usage · x_scout.py

API keys stored in plaintext at ~/.x-scout/config.json (sensitive path) Persistence · x_scout.py

Why this conclusion was reached

2/4 dimensions flagged

Block

Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review

Hidden execution and egress

13 lower-risk artifacts were extracted and still need context.

Block

Attack chain and severe findings

The report includes 3 attack-chain steps and 2 severe findings.

Review

Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

Attack Chain

User runs setup.sh which silently registers install metadata to clawagents.dev

Entry · setup.sh:165

On every x_scout.py execution, query hashes and metadata are POSTed to clawagents.dev

usage · x_scout.py:100

API keys stored in plaintext at ~/.x-scout/config.json (sensitive path)

Persistence · x_scout.py:165

What drove the risk score up

Undeclared analytics phone-home +25

POSTs to clawagents.dev/usage on every run with query hashes, install_id, mode, and result counts. Not declared in SKILL.md.

Undeclared shell execution +15

subprocess.run() used for yt-dlp, ffmpeg, pip install in x_scout.py. setup.sh uses bash and pip. Not declared in allowed-tools or SKILL.md.

Sensitive path credential storage +15

Writes all API keys in plaintext to ~/.x-scout/config.json. No mention in SKILL.md of file write to HOME directory.

Most important evidence

High Data Exfil

Silent phone-home analytics on every execution

x_scout.py reports usage to https://clawagents.dev/reddit-rank/v1/xs/usage on every CLI invocation. Payload includes install_id, version, mode, query_hash (SHA256 of search terms), results count, and timestamp. This behavior is not declared in SKILL.md and sends search queries to an external server.

x_scout.py:100

Document this behavior in SKILL.md or make it opt-in with a --no-analytics flag. Users should be informed that search queries are hashed and sent to clawagents.dev.

High Data Exfil

Setup registration phone-home with API key presence

setup.sh POSTs install metadata to https://clawagents.dev/reddit-rank/v1/xs/register including which optional API keys are configured (has_openrouter, has_cerebras, has_deepgram booleans). This reveals what services the user has enabled.

setup.sh:165

Remove the registration phone-home or declare it prominently in setup.sh output and SKILL.md.

Medium Credential Theft

Plaintext credential storage in sensitive path

All API keys (TWITTERAPI_KEY, OPENROUTER_API_KEY, CEREBRAS_API_KEYS, DEEPGRAM_API_KEY) are written in plaintext to ~/.x-scout/config.json. This is a sensitive path (~/.x-scout) that could be targeted by credential theft malware.

x_scout.py:165

Either use system keychain (keyring) or document this storage location in SKILL.md with a warning about plaintext storage.

Medium Doc Mismatch

Undeclared shell execution via subprocess

SKILL.md does not declare any shell execution capability. However, x_scout.py uses subprocess.run() to execute yt-dlp, ffmpeg, and pip install commands. setup.sh executes bash scripts and pip. This is a mismatch between documented and actual capabilities.

x_scout.py:280

Document shell:WRITE permission and list the tools (yt-dlp, ffmpeg) that will be executed.

Medium Supply Chain

Unpinned dependencies in requirements.txt

requirements.txt specifies 'requests>=2.28.0' and 'python-dotenv>=1.0.0' without upper bounds. This allows dependency confusion or malicious package updates to be installed silently.

requirements.txt:1

Pin exact versions (e.g., requests==2.31.0) to prevent supply chain attacks.

Low Doc Mismatch

Analytics registration endpoint reveals skill branding

The analytics URL 'clawagents.dev/reddit-rank/v1/xs/...' contains 'reddit-rank' which suggests this code may have been adapted from a Reddit-focused tool. SKILL.md branding as 'X-Scout' for Twitter scraping appears different from the analytics endpoint naming.

setup.sh:15

Use consistent branding in analytics endpoints.

Declared capability vs actual capability

Filesystem Block

Declared NONE

→

Inferred WRITE

x_scout.py:~100 writes ~/.x-scout/config.json

Network Pass

Declared READ

→

Inferred READ+WRITE

x_scout.py:~100 POSTs analytics to clawagents.dev

Shell Block

Declared NONE

→

Inferred WRITE

x_scout.py:subprocess.run for yt-dlp/ffmpeg

Environment Pass

Declared READ

→

Inferred READ

os.environ.get for API keys

Suspicious artifacts and egress

Medium External URL

https://clawagents.dev/x-scout

SKILL.md:15

Medium External URL

https://x.com/user/status/123456

SKILL.md:59

Medium External URL

https://clawagents.dev/reddit-rank/v1/xs/register

setup.sh:8

Medium External URL

https://twitterapi.io

setup.sh:109

Medium External URL

https://openrouter.ai$

setup.sh:125

Medium External URL

https://cerebras.ai

setup.sh:137

Medium External URL

https://deepgram.com

setup.sh:149

Medium External URL

https://x.com/user/status/123\

setup.sh:223

Medium External URL

https://api.twitterapi.io/twitter

x_scout.py:67

Medium External URL

https://openrouter.ai/api/v1

x_scout.py:71

Medium External URL

https://api.cerebras.ai/v1/chat/completions

x_scout.py:75

Medium External URL

https://clawagents.dev/reddit-rank/v1/xs/usage

x_scout.py:97

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
requests	`>=2.28.0`	pip	No	Version not pinned, only lower bound specified
python-dotenv	`>=1.0.0`	pip	No	Version not pinned, only lower bound specified

File composition

4 files · 1566 lines

Python 1 files · 1228 linesShell 1 files · 225 linesMarkdown 1 files · 111 linesText 1 files · 2 lines

Files of concern · 4

x_scout.py Python · 1228 lines

Silent phone-home analytics on every execution · Plaintext credential storage in sensitive path · Undeclared shell execution via subprocess · https://api.twitterapi.io/twitter · https://openrouter.ai/api/v1 · https://api.cerebras.ai/v1/chat/completions · https://clawagents.dev/reddit-rank/v1/xs/usage · https://api.deepgram.com/v1/listen

setup.sh Shell · 225 lines

Setup registration phone-home with API key presence · Analytics registration endpoint reveals skill branding · https://clawagents.dev/reddit-rank/v1/xs/register · https://twitterapi.io · https://openrouter.ai$ · https://cerebras.ai · https://deepgram.com · https://x.com/user/status/123\

SKILL.md Markdown · 111 lines

https://clawagents.dev/x-scout · https://x.com/user/status/123456

requirements.txt Text · 2 lines

Unpinned dependencies in requirements.txt

Security positives

No base64-encoded execution or obfuscated code detected

No direct IP network requests or C2 communication patterns

No credential exfiltration (keys used only for API calls, not sent elsewhere)

No attempts to access ~/.ssh, ~/.aws, or other credential paths

No reverse shell or RCE attempts

Error handling is present (timeouts, try/catch blocks)

API keys read from environment are not transmitted to analytics