xbird

The xbird manifest describes high-risk behaviors: extracting browser session credentials, executing code from npm via npx, and auto-generating/managing a micropayment wallet — all with no documented provenance, endpoint transparency, or secure key-handling. These capabilities, if implemented without strong safeguards, enable credential theft and theft of funds. There is no direct evidence of malware in the manifest alone, but the design is suspicious and warrants treating the package as high-risk until the source code, network endpoints, and key management implementation are audited. Do not run npx installs or grant browser/profile access without a full code and runtime network review.

[Skill Scanner] Download or install from free hosting/deployment platform detected All findings: [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The skill's stated purpose (E2E-encrypted transfer of Twitter credentials for use in ACP jobs) matches its described operations, but there is a significant trust dependency on the attestation/public-key endpoint (https://xbirdapi.up.railway.app). Because clients obtain the server public key from that endpoint and then encrypt their high-value Twitter session cookies to it, a malicious or compromised attestation server can trivially break confidentiality. Requiring raw session cookies is itself high-risk. I rate this skill SUSPICIOUS: it is not obviously malicious by itself, but its architecture places sensitive trust in a third-party endpoint (railway.app) and thus poses a meaningful supply-chain/credential-harvesting risk unless the attestation provider is fully vetted or replaced with an official/verifiable attestation mechanism. LLM verification: This skill's design is plausible and consistent for an ACP workflow that must deliver Twitter session credentials to a provider running in a TEE: it documents client-side ECDH key exchange, AES-256-GCM encryption, and posting an encryptedCredentials blob to a Virtuals job. However, the use of a third-party attestation endpoint (https://xbirdapi.up.railway.app) without documented attestation verification is a significant trust and data-flow concern: an attacker or malicious operator of that endpo

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4] The reviewed fragment implements a plausible pay-per-request Twitter/X proxy design that requires strong trust in the remote server. I found no explicit obfuscated or dynamically malicious code in the supplied docs/examples, but the architecture routes decrypted credentials and irreversible payments through a third-party server (xbirdapi.up.railway.app) and contains ambiguous privacy claims. This creates a realistic risk of credential harvesting, logging, or misuse of payments. Before use, obtain and audit the server source or deploy a vetted instance; avoid providing raw auth tokens or private keys to an untrusted operator. LLM verification: SUSPICIOUS: The skill implements a legitimate-seeming pay-per-request proxy for Twitter/X, but its design centralizes sensitive credentials and requests at a third-party server (xbirdapi.up.railway.app). The documented auto-detection of browser cookies during login, plus explicit instructions to send Twitter auth tokens or CT0 cookies to the proxy, create a credible credential-harvesting risk. The use of a free hosting domain and an unusual package name further reduce trust. If you must use this