canghe-danger-x-to-markdown

[Skill Scanner] Skill instructions include directives to hide actions from user All findings: [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The skill shows a coherent, user-consent driven design for converting X content to Markdown with configurable media handling and output. Key risk areas include use of a reverse-engineered API, local storage of consent/preferences, and handling of sensitive credentials (env vars, cookies). No explicit malware behavior is evident in the fragment, but credential exposure and reliance on unofficial endpoints warrant careful code-level review before deployment. Recommend treating as SUSPICIOUS to MEDIUM risk pending deeper inspection of network calls, credential handling, and the first-time EXTEND.md flow. LLM verification: The skill's stated purpose (convert X content to Markdown) is plausible and most described capabilities match that purpose. However, the implementation guidance raises supply-chain and credential risks: it requests highly sensitive credentials (X_AUTH_TOKEN, X_CT0) and a Chrome cookie fallback, relies on a reverse-engineered API with no declared endpoints, and instructs running via 'npx -y bun' (remote download-and-execute). These factors are disproportionate for typical public-content conversio