The Agent Skills Directory

[CREDENTIALS_UNSAFE] (HIGH): The file example-cookies-orion.json contains functional-looking session cookies (auth_token, ct0, twid) for X.com. This exposes potential account access and violates secure credential handling practices.
[METADATA_POISONING] (MEDIUM): The repository includes a self-authored AUDIT_REPORT.md and 'Trust Score' claims (e.g., 8.0/10). These are designed to mimic legitimate third-party security verification and may mislead users into trusting the skill without independent review.
[DYNAMIC_EXECUTION] (MEDIUM): The script lib/twitter-automation.js contains a hardcoded fallback path to load the playwright module from /root/.nvm/versions/node/v24.12.0/lib/node_modules/openclaw/node_modules/playwright. This attempts to execute code from an external, environment-specific path that is not part of the skill's distributed package.
[COMMAND_EXECUTION] (LOW): scripts/twitter uses execSync to run the internal automation script. While the command structure is relatively static, it increases the overall attack surface of the skill.
[DATA_EXPOSURE] (LOW): Sensitive cookies are written to a temporary JSON file (~/.config/twitter-skill/.temp-action.json) before being read by the automation worker, creating a window of exposure for session data.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted text via the post command and types it directly into the browser session without sanitization.
Ingestion points: scripts/twitter (postTweet function)
Boundary markers: None; uses direct keyboard.type automation.
Capability inventory: Write access to X/Twitter via browser automation; local file-write; command execution.
Sanitization: None detected.

twitter