bird
Audited by Socket on Mar 1, 2026
1 alert found:
Security: The package is a legitimate cookie-based X/Twitter CLI that must read browser cookies or accept raw cookie values to operate. This design necessarily handles highly sensitive credentials and permits account-impacting actions (posting, following). I found no documentation evidence of obfuscated code or exfiltration to unknown third-party domains, but the required behaviors create a medium security risk due to sensitive cookie extraction and dangerous CLI usage patterns (passing cookies via command-line flags). Recommend: review the package source before installing, avoid passing cookies on the command line (use browser cookie source with secure handling), run with least privilege, and monitor network activity on first run. If high assurance is required, prefer an OAuth-based client or inspect the npm package contents and runtime network calls.