saved-searches

SUSPICIOUS. The skill's core purpose is plausible, but it relies on pasting unreviewed JavaScript into DevTools on an authenticated x.com session, enabling account actions and potential broader page access. No external installer or obvious exfiltration endpoint is shown, so this is not confirmed malware, but the unofficial workflow, mismatch with X help documentation, and broadened scraping scope make it medium risk.