retweet

SUSPICIOUS: The capability matches the stated purpose, and there is no malware-style installer or exfiltration pattern. However, the skill performs real public posting through an opaque Shift intermediary rather than directly to X, so users must trust Shift with connected-account actions and token handling. Risk is driven by third-party credential brokering and autonomous public-action potential, not by confirmed malicious behavior.