Auto Tweet Publish

This skill appears to implement exactly what it claims — a local, auditable twikit-based controller for an X account — but if you plan to install/run it please consider the following before proceeding: - Credentials: The program expects a config.json containing your username, password (and optionally TOTP secret). Those are stored on disk in the skill directory; ensure file permissions are tight (owner-only) and avoid storing high-value or primary-account credentials if you are unsure. - Cookies: Cookies are saved locally (cookies.json). Protect that file similarly because it can grant session access. - Review code & dependencies: The code is included, so inspect it or run it in a sandbox/container. Verify third-party packages (twikit, fastapi, uvicorn, pydantic). Note the curl_cffi-based shim (curl_httpx_shim.py) uses TLS impersonation to avoid Cloudflare 403; this is consistent with its goal but is a network-layer workaround — if you have policies against TLS impersonation libraries, review or omit the shim. - Least privilege: Run the server as a non-privileged user and avoid running as root. Bind to localhost only (the code already does), and consider firewall rules if needed. - Operational caution: Rate limiting is implemented, but still double-check scheduled/automated actions before enabling to avoid accidental posting from a compromised environment. If you are not comfortable storing credentials on disk or cannot review the code, consider using a vetted, official client or running this in an isolated environment. Otherwise the skill is internally coherent and behaves as described.