opentwitter

SUSPICIOUS: the skill's basic capability matches its purpose, and its install footprint is small, but it routes all Twitter-related access and the required bearer token through a third-party 6551 service rather than official X APIs. The biggest concerns are credential forwarding to an intermediary, token-in-query-string for WebSocket auth, and remote state-changing watchlist actions; this is more a third-party trust and data-flow risk than confirmed malware.