bird

SUSPICIOUS: The skill is purpose-aligned and the install sources appear publisher-consistent, so this is not strong malware evidence. However, it uses browser/session-cookie auth, forwards those credentials to a CLI, and enables autonomous public posting and engagement actions, making the overall security risk medium-to-high for agent use.