xurl
A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage follo
Security score: 40/100
The xurl skill was audited on Feb 28, 2026 and we found 12 security issues across 4 threat categories, including 2 high-severity. Review the findings below before installing.
Security Issues
high line 54
Piping content to bash shell
Source: SKILL.md
| 54 | curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash |
medium line 57
Access to hidden dotfiles in home directory
Source: SKILL.md
| 57 | Installs to `~/.local/bin`. If it's not in your PATH, the script will tell you what to add. |
medium line 75
Access to hidden dotfiles in home directory
Source: SKILL.md
| 75 | - Never read, print, parse, summarize, upload, or send `~/.xurl` (or copies of it) to the LLM context. |
medium line 77
Access to hidden dotfiles in home directory
Source: SKILL.md
| 77 | - The user must fill `~/.xurl` with required secrets manually on their own machine. |
medium line 105
Access to hidden dotfiles in home directory
Source: SKILL.md
| 105 | Tokens are persisted to `~/.xurl` in YAML format. Each app has its own isolated tokens. Do not read this file through the agent/LLM. Once authenticated, every command below will auto‑attach the right |
medium line 461
Access to hidden dotfiles in home directory
Source: SKILL.md
| 461 | - **Token storage:** `~/.xurl` is YAML. Each app stores its own credentials and tokens. Never read or send this file to LLM context. |
high line 79
Prompting for password/secret input
Source: SKILL.md
| 79 | - Warn that using CLI secret options in agent sessions can leak credentials (prompt/context, logs, shell history). |
low line 153
External URL reference
Source: SKILL.md
| 153 | > **Post IDs vs URLs:** Anywhere `POST_ID` appears above you can also paste a full post URL (e.g. `https://x.com/user/status/1234567890`) — xurl extracts the ID automatically. |
low line 176
External URL reference
Source: SKILL.md
| 176 | xurl reply https://x.com/user/status/1234567890 "Agreed!" |
low line 193
External URL reference
Source: SKILL.md
| 193 | xurl read https://x.com/user/status/1234567890 |
low line 335
External URL reference
Source: SKILL.md
| 335 | xurl https://api.x.com/2/users/me |
low line 399
External URL reference
Source: SKILL.md
| 399 | xurl read https://x.com/user/status/1234567890 |
Scanned on Feb 28, 2026