twitter-thread-creation
Audited by Socket on Mar 8, 2026
1 alert found:
Malware
The skill aims to generate and post Twitter/X threads via a CLI, which is coherent with its stated purpose. However, it relies on a remote curl|bash download to install a binary from an unverifiable source, coupled with a checksum file, introducing a significant supply-chain and execution risk. The data flow for credentials is underspecified; if credentials are passed to the downloaded binary, this becomes a credential-exposure risk. Given the presence of an unquestioned download-execute pattern and unverifiable binary, this skill should be classified as suspicious until a verifiable, signed distribution path (e.g., official package registry, verifiable source, and explicit credential handling) is provided. Overall risk: suspicious.