persona
Audited by Socket on Apr 1, 2026
2 alerts found: Anomaly, Malware
The skill is largely aligned with its stated persona/social-intelligence purpose and mainly talks to expected services, so it is not confirmed malicious. The main risks are sensitive token capture/storage, transitive plugin installation, and prompt-injection exposure from untrusted social/git content in a Bash-capable skill.
The module implements a high-sensitivity token extraction workflow: it programmatically discovers and validates an X API bearer token from an authenticated developer-portal browser session (DOM scraping and copy/reveal→clipboard), transmits the token to api.x.com for validation, and persists the validated bearer token in plaintext under ~/.claude/persona/tokens.json. While it does not show classic backdoor or obfuscated malicious code, its credential-harvesting capability materially increases supply-chain and misuse risk; additional concern exists due to executing a locally discovered CDP script from a plugin cache and printing page snapshots that may include sensitive content. Overall, treat as security-relevant credential-handling automation and review/limit its use and environment access.