ct-alpha
Audited by Socket on Feb 27, 2026
1 alert found:
Security
This SKILL.md describes a CLI skill that legitimately integrates with X API v2 to research crypto narratives and recommend next steps. The capabilities are generally aligned with the purpose: searching tweets, extracting token signals, scoring credibility, caching results, and suggesting tool integrations. The main security concerns are operational rather than manifestly malicious: storing the X bearer token in a persistent env file (recommend ensuring strict file permissions and clear guidance), file-based caching of potentially sensitive research, and the use of opaque mcp__* tool connectors (their endpoints and behavior are not documented here). There are no direct signs of malware (no obfuscated code, no curl|bash remote-execute patterns, no hardcoded secrets, no suspicious domains). Overall, treat this as a useful but moderately sensitive tool: inspect install.ts and any connector implementations before running, avoid persisting tokens in world-readable files, and audit MCP connector endpoints/behaviors to ensure credentials or sensitive query data are not forwarded to untrusted third parties.