baoyu-danger-x-to-markdown

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

SUSPICIOUS: The skill's purpose (convert X content to Markdown) is legitimate, and many requested capabilities (URL input, optional auth tokens, configuration files) are appropriate. However, the explicit use of a reverse-engineered X API combined with an automated Chrome fallback that 'caches cookies locally' expands the tool's privilege footprint into sensitive browser session material. The SKILL.md does not disclose the exact network endpoints used, so it is not possible to verify that credentials and content are sent only to X official hosts. Before trusting or installing this skill, review the implementation (scripts/main.ts) to confirm: (1) network endpoints are only X official domains, (2) browser cookie handling is transparent and secure (no exfiltration or unnecessary storage), and (3) consent file and cached tokens are stored with safe permissions. Given the unknowns and the sensitive operations described, treat this skill as suspicious until the code is audited.

LLM verification: This SKILL.md describes a plausible legitimate tool for converting X content to Markdown, but it contains several risky elements that warrant caution: use of a reverse-engineered API, runtime fetching/execution via npx/bun, and a Chrome-cookie fallback that can access and cache browser cookies. Those elements increase attack surface and could be abused to harvest credentials or perform unintended network requests if the implementation is malicious. Based only on this metadata (no implementation

Confidence: 75%
Severity: 75%

Audit Metadata

Analyzed At: Feb 16, 2026, 01:03 PM
Package URL: pkg:socket/skills-sh/dieterwang7%2Fhuateamassistant-baoyu-skills%2Fbaoyu-danger-x-to-markdown%2F@7f059983840a436268795e94693d4d2334b14818