Scan Report
0 /100
social-content
Social media content creation skill for LinkedIn, Twitter/X, Instagram, TikTok, and Facebook
This is a legitimate social media content creation skill with no executable code, no sensitive file access, and no suspicious behavior.
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file reads/writes in skill; documentation references are informational only |
| Network | NONE | NONE | — | No network calls; external tool references (Exa, Apify) are documented prompts r… |
| Shell | NONE | NONE | — | No shell commands, scripts, or subprocess usage in any file |
| Environment | NONE | NONE | — | No environment variable access in any file |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation patterns detected |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
5 files · 28.5 KB · 924 lines Markdown 4f · 832L
JSON 1f · 92L
├─
▾
evals
│ └─
evals.json
JSON
├─
▾
references
│ ├─
platforms.md
Markdown
│ ├─
post-templates.md
Markdown
│ └─
reverse-engineering.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ No executable code — all files are documentation (Markdown and JSON)
✓ No scripts, subprocess, or shell commands anywhere in the skill
✓ No sensitive file paths accessed (~/.ssh, ~/.aws, .env, etc.)
✓ No credential harvesting or environment variable iteration
✓ No obfuscated code (base64, eval, atob patterns)
✓ No data exfiltration or C2 communication
✓ No supply chain risk — no dependencies, no package files
✓ Documentation accurately describes the skill's purpose (social media content creation)
✓ Referenced external tools (Exa, Apify, Phantom Buster) are legitimate third-party services requiring user-provided credentials
✓ Reference files provide genuine social media strategy guidance with no hidden functionality
✓ The 'node tools/clis/exa.js' shell invocation in reverse-engineering.md is a documented example only — no actual tool exists in the package