twitter-cli-skill

SUSPICIOUS: the skill’s capabilities largely match its Twitter CLI purpose, and distribution via PyPI/GitHub is reasonably verifiable, but it is high-risk because it forwards browser cookies/raw session tokens to a third-party CLI, uses non-official auth methods with anti-detection features, and enables autonomous public posting and account actions. The main concern is disproportionate credential handling and action scope, not confirmed malware.