canghe-post-to-x

SUSPICIOUS: The skill is mostly coherent for posting to X, and its main dependency/install path is official Bun infrastructure rather than an unknown third party. However, it intentionally bypasses anti-automation using Chrome CDP, operates with an authenticated browser profile instead of official API auth, and authorizes system-affecting commands like automatic pkill of Chrome debug instances; these make it higher risk than a normal documentation skill but not clearly malicious.