Twitter Auto Engage

Review

Audited by ClawScan on Mar 22, 2026.

Overview

The instructions are coherent with an automated Twitter engagement tool. However, the package metadata omits the sensitive env vars it needs, no runnable code is included (it references scripts and a library that aren't present), and the workflow requires a session cookie, which is a high-risk secret. These inconsistencies warrant caution.

Do not install or run this skill as-is. The SKILL.md refers to scripts (auto_engage.py, rnet_twitter.py) and a Twitter cookie file but the package contains no code and the registry metadata doesn't list the sensitive env vars it needs — that mismatch is suspicious. Before proceeding:

1) Request the actual source code (auto_engage.py, rnet_twitter.py) and review it for any data-exfiltration, hidden network calls, or unexpected file access.
2) Prefer using OAuth/app credentials or the official Twitter API rather than exporting session cookies; if you must use cookies, use a throwaway account and never reuse your primary account credentials.
3) Verify the homepage/owner reputation (canlah.ai and the owner id) and ask for a signed release or link to a canonical GitHub repo/release.
4) Run any downloaded code in a sandboxed environment, inspect network traffic, and ensure logs or state files don't leak tokens.
5) If you can't obtain or review the code, treat this skill as untrusted and do not provide your OpenAI key or Twitter session cookie.

Providing those secrets without code review risks full account takeover or token exfiltration.