baoyu-danger-x-to-markdown
Audited by Socket on Feb 24, 2026
1 alert found:
Security [Skill Scanner]: Skill instructions include directives to hide actions from user

All findings:
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The skill's stated purpose aligns with the capabilities described (converting tweets/articles and optionally downloading media). However, it requires sensitive credentials (X_AUTH_TOKEN, X_CT0) and access to browser cookies, and it instructs running the tool via an unpinned npx -y bun invocation (download-and-execute). The reverse-engineered API and lack of explicit endpoint/transport details increase risk because credentials could be used incorrectly or forwarded to third parties. Without the actual scripts/main.ts implementation I cannot confirm malicious behavior, but the combination of credential access + unpinned runtime fetch raises supply-chain and credential-harvesting risk. Recommend reviewing the script source (scripts/main.ts) and any packages pulled by npx/bun before trusting. Treat as SUSPICIOUS and exercise caution (do not supply tokens or allow automatic Chrome cookie access until code is audited).

LLM verification: The skill's stated purpose aligns with most of its requested capabilities (reading URLs, fetching tweets, saving markdown, optional media download). However, there are moderate supply-chain and privacy risks: it relies on a reverse-engineered API (fragile), suggests running via npx -y bun (download-and-execute pattern), and includes a Chrome-automation fallback that may access browser cookies. Those behaviors are proportionate only if the user explicitly accepts and understands the risks, but wi