twitter-cli

SUSPICIOUS: The skill's purpose matches Twitter operations and the install path is relatively normal, but its core auth design depends on extracting local browser cookies and handing them to an external CLI. That credential handling is high-trust and risky for an agent skill, especially alongside account-writing capabilities, though there is no clear evidence of outright malware or off-platform exfiltration.