twitter-scraper

SUSPICIOUS: the skill's purpose and basic data flow are coherent, but it relies on a non-Apify third-party actor and forwards the user's Apify token to that actor via Apify. This is not confirmed malware and does not show hidden exfiltration, but the third-party runtime dependency and lack of pinning make it a moderate-risk skill rather than fully benign.