baoyu-post-to-x
Audited by Socket on May 12, 2026
2 alerts found:
Anomaly x2
SUSPICIOUS: The skill's core behavior matches its stated purpose of posting to X via local browser automation, so it is not fundamentally deceptive. However, it enables real-world public posting, uses anti-detection browser automation, includes automatic process-kill behavior, and is distributed through a personal/transitive install path. No clear credential harvesting or third-party exfiltration is evident, but the operational and trust risks are medium.
This code is a high-capability local automation helper: it launches/controls Chrome via CDP, reads sensitive Twitter/X authentication cookies (auth_token/ct0) to check session persistence, and performs clipboard copy/paste by executing companion Bun scripts. While the fragment does not show network exfiltration or explicit malware behavior, it meaningfully increases privacy/security exposure through sensitive cookie access and clipboard manipulation, and it executes OS commands and external processes (npx/bun). Treat as a security-sensitive component requiring review of the companion clipboard scripts and audit of the caller’s trust boundaries for profileDir and clipboard inputs.