alphai-twitter

The Alph.ai Twitter/X module is broadly coherent with its stated purpose of monitoring, retrieval, translation, and analysis of social media activity, including real-time streaming via WebSocket. The data flows and API surface are aligned with the feature set described. However, several security concerns exist: reliance on dex_cookie and listenKey credentials, potential exposure of credentials in logs, and broad access to tweet-related events. There is no evidence of malicious behavior, but the footprint warrants careful credential handling, minimal data exposure, and explicit security controls (logging, TLS verification, least-privilege scopes). Overall, the skill is SUSPICIOUS in spots due to credential handling and data flow risks, but not clearly malicious given the documented scope.