Bird X Reader
v1.0.0Interface with Bird routing daemon CLI to read, search, and post tweets or replies using bird or birdc commands.
⭐ 0· 16·0 current·0 all-time
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to 'interface with Bird routing daemon CLI' in metadata but the README/SKILL.md describe a Twitter/X client that reads/posts tweets. The classic 'bird' BIRD routing daemon is a network routing tool and would not provide Twitter functionality — this naming/description mismatch is incoherent and could be a typo or misdirection. Users should confirm which 'bird' binary this skill expects and whether that binary legitimately implements the described Twitter features.
Instruction Scope
Instructions tell the agent to run `bird` commands to read/search/post and list browser cookies as a default auth source. Although no explicit file paths are shown, using browser cookies implies reading local browser cookie stores (sensitive). The SKILL.md does not detail what 'bird check' does or exactly how cookies are accessed. Because the agent would run an external CLI that may read local credentials/cookies, this expands the scope beyond mere API calls and should be verified.
Install Mechanism
This is an instruction-only skill with no install spec and no included code files, so nothing will be written or installed by the skill itself. That reduces risk from hidden installers, but also means behavior depends entirely on whatever 'bird' binary is already present on the host.
Credentials
The skill does not declare required environment variables in its registry metadata, yet the SKILL.md references an external auth option using SWEETISTICS_API_KEY and an auth engine flag. The mismatch between declared requirements (none) and referenced credentials is inconsistent. Additionally, the implicit use of browser cookies as auth implies access to sensitive local data that is not declared.
Persistence & Privilege
The skill does not request permanent presence (always:false) and is user-invocable. It does not ask to modify other skills or system-wide settings according to provided metadata, which is appropriate.
What to consider before installing
Do not install or run this skill until you verify what 'bird' on your system actually is. Before installing: 1) run `which bird` and `bird --version` (or inspect the binary) to confirm it's the intended Twitter/X client and not the BIRD routing daemon; 2) inspect the 'bird' client source or vendor to see how it authenticates and whether it reads browser cookie stores; 3) be cautious about allowing any tool to read browser cookies — prefer explicit API tokens with limited scope; 4) if you must test, run the CLI in a sandboxed or isolated environment and run `bird check` interactively to see what it accesses; 5) ask the publisher for clarification about the metadata mismatch and for a declared list of required env vars/paths. Because this is an instruction-only skill with no code to review, those manual checks are essential. If you cannot confirm the origin and behavior of the 'bird' binary, avoid installing the skill.Like a lobster shell, security has layers — review code before you run it.
agent-toolsbirdclilatestsocialtwitter
bird
Use bird to read/search X and post tweets/replies.
Quick start
bird whoamibird read <url-or-id>bird thread <url-or-id>bird search "query" -n 5
Posting (confirm with user first)
bird tweet "text"bird reply <id-or-url> "text"
Auth sources
- Browser cookies (default: Firefox/Chrome)
- Sweetistics API: set
SWEETISTICS_API_KEYor use--engine sweetistics - Check sources:
bird check
Comments
Loading comments...