tweet-thread-from-blog

SUSPICIOUS: The core writing capability is aligned with the stated purpose, but the optional posting flow routes actions and credentials through Composio instead of direct X APIs, creating a third-party credential/data path. Risk is moderate rather than malicious: no unrelated file access, no exploit behavior, and posting requires user confirmation, but the combination of untrusted web fetching plus public posting and intermediary auth makes the skill meaningfully sensitive.