post-to-x

Overall, the skill presents a coherent, purpose-aligned toolset for posting to X with support for text, images, and X Articles. The use of a real Chrome session to bypass automation checks is controversial but consistent with the stated purpose. Trust in install sources is reasonable (bun and local scripts), but the approach raises privacy and policy concerns due to persistent login state and clipboard handling. The data flows are mostly contained to the user’s account and X posting endpoints, with no clear evidence of unintended exfiltration, though credential/state handling should be clarified and hardened (e.g., explicit cleanup, scoped permissions). Given the combination of legitimate functionality and potential evasion of bot-detection safeguards, this should be considered SUSPICIOUS rather than benign, with attention to consent, policy compliance, and secure handling of credentials and clipboard data.