x-report-generator
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

Based on the provided skill manifest and README-like description, the project is consistent with a Playwright-based X/Twitter scraper that analyzes and exports reports. There are no explicit signs of malicious code or obfuscation in this text. The primary security concerns are proper handling of cookies/session tokens (credential exposure risk), possible loading of third-party assets in generated HTML, and legal/TOS issues from scraping. To fully rule out exfiltration or other malicious behavior, the actual scripts (scripts/x_report_generator.py and any modules it uses) must be inspected for network calls to non-official domains, logging of secrets, or code that transmits cookies/data to third parties. Recommend code review focusing on cookie handling, network endpoints, and any analytics/telemetry in the report templates.

LLM verification: The provided SKILL.md documents a Playwright-based X/Twitter scraping/reporting tool whose declared behavior matches the permissions it requests (cookies, Playwright/browser, filesystem). There is no explicit evidence of malware, backdoors, or obfuscated malicious code within this documentation. However, the package presents moderate security concerns: saving and reusing cookies.json (sensitive session tokens) without secure-storage guidance; unpinned dependency instructions that increase supply