twitter-to-binance-square
Warn
Audited by Socket on May 30, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the stated purpose is plausible and the required Twitter/Binance credentials are proportionate, but the execution footprint is not fully trustworthy. The biggest issue is provenance mismatch: official Binance Square skill documentation points to Node.js scripts, while this skill invokes undocumented local Python scripts that would receive publish credentials and perform public posting. That is not confirmed malware, but it raises medium-high trust and integrity concerns, especially because the skill can autonomously publish public content from external Twitter inputs.
Confidence: 86%Severity: 68%
Audit Metadata