bird

SUSPICIOUS. The skill’s capabilities mostly match its stated Twitter/X purpose, but it instructs the agent to install an unverified standalone binary and then use browser-derived auth cookies through that binary for authenticated actions. That creates a significant supply-chain and credential-forwarding risk even without evidence of confirmed malware.