twitter-thread-creation

[Skill Scanner] Pipe-to-shell or eval pattern detected This Skill appears functionally coherent and aligned with its stated purpose: composing and posting Twitter/X threads using the inference.sh CLI and companion apps. There are no hardcoded secrets, obfuscated payloads, or code constructs indicating malware inside the SKILL.md. The primary security consideration is trust in the external service (inference.sh and referenced apps) because the workflow routes credentials and content through those services and the installer uses curl | sh. If you trust inference.sh, the skill is benign. If you do not trust that service, treat it as suspicious since it centralizes credential and content flows. LLM verification: This SKILL.md is instructional and its capabilities align with the stated purpose (writing and posting Twitter/X threads and creating media). However it relies on installing and using a third-party CLI via a pipe-to-shell installer and routes credentials and arbitrary content (URLs/HTML) through that service. Those behaviors raise supply-chain and data-exfiltration concerns: the installer executes remote code locally and the infsh service can receive tweets, credentials, and rendered page conten