bird-cli

Fail

Audited by Socket on Feb 14, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill's documented behavior is consistent and plausible for a CLI that reuses a browser session to call X/Twitter's internal GraphQL APIs. It legitimately requires access to browser cookie stores and sensitive tokens; that access is high-privilege but proportionate to the stated purpose. I found no evidence in this documentation of obfuscation, hardcoded secrets, or third-party credential exfiltration. The main security concerns are inherent to the design: exposing session cookies to the tool (risk of credential theft if the tool or environment is compromised) and reliance on undocumented APIs. Recommend code-level audit to confirm that network requests target X endpoints directly, that cookies are kept in-memory (not logged or uploaded), and that query-id/cache file permissions are safe. Overall: no clear malicious behavior in the provided fragment, but moderate security risk due to required cookie access and write capabilities if misused.

LLM verification: The bird-cli skill is functionally coherent with its stated purpose (CLI access to X/Twitter using browser cookies). The explicit request to read browser cookie stores is expected for the feature but dangerous — it increases the attack surface and requires auditing of the code that reads cookies and its dependencies. There is no direct evidence in the supplied documentation of credential exfiltration or malicious behavior. Verdict: SUSPICIOUS (legitimate purpose but sensitive capability). Recomm

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 14, 2026, 12:07 PM
Package URL: pkg:socket/skills-sh/zahid47%2Fskills%2Fbird-cli%2F@7075864c28d99a4b7a40f159a49957406056a276