Audited by Socket on Feb 25, 2026
1 alert found:
Malware
This skill is functionally consistent with its stated purpose (querying Twitter/X-like data) but delegates all authentication and request handling to a third-party service (6551). That centralization means a user must trust 6551 with bearer tokens and all query data; this is the primary supply-chain risk (credential forwarding and potential data exfiltration). There is no evidence of obfuscation or of remote binary execution in the provided content, but because the skill routes sensitive tokens to an external domain and offers access to potentially sensitive operations (deleted tweets, follower events), treat it as a medium security risk unless you trust 6551's policies and operational security.