twitter-scraper

SUSPICIOUS. The skill's purpose and capabilities mostly align, and it uses official Apify APIs plus a normal PyPI dependency. The main concern is trust boundary expansion: the user's token and search data are used to run a third-party marketplace actor rather than same-org code, which is a proportionate but notable data-flow and credential-forwarding risk. No evidence of overt malware or unrelated capability abuse.