Baoyu Post To X

Misuse could publish unwanted public content, trigger account restrictions, or violate platform rules because the tool is designed to look less like automation.

The skill can automate public posting and publishing while explicitly bypassing bot-detection controls, which is high-impact even though it is disclosed and preview is the default.

Anyone or any agent workflow using this skill with your saved profile may be able to compose or publish from your logged-in X account.

The skill acts through a persistent local browser session and can use a selected Chrome profile, giving it delegated access to the user's X account.

A project file could change posting behavior or profile selection in ways the user did not intend, including pushing toward automatic submission.

A project-level or user-level EXTEND.md file can influence which browser profile is used and whether posting is automatic, but the artifacts do not show a strict schema, trust boundary, or approval check.

The skill may require accessibility/automation permissions and can paste clipboard contents into a real application window.

The skill uses OS automation commands to send real paste keystrokes. This is disclosed and purpose-aligned for image/article pasting, but it can affect the active application if misdirected.

The command may fetch or use tooling outside the reviewed skill files, depending on the local setup.

The documented execution path uses npx -y bun rather than a pinned local runtime. This is common for CLI workflows but means runtime resolution depends on the user's environment and package source.