Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

X Bookmarks

v1.1.0

Fetch, summarize, and manage X/Twitter bookmarks via bird CLI or X API v2. Use when: (1) user says "check my bookmarks", "what did I bookmark", "bookmark dig...

by sharbel (@sharbelayy)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill's name/description (X Bookmarks) aligns with the included scripts and workflows: a bird CLI wrapper, an X API v2 fetcher, and an OAuth helper. However, the registry metadata at the top of the package claims no required env vars, binaries, or config paths while SKILL.md and the scripts explicitly document AUTH_TOKEN/CT0, optional X_API_BEARER_TOKEN, the bird binary, and ~/.config/x-bookmarks/tokens.json — an internal inconsistency the user should be aware of.
Instruction Scope
SKILL.md and the scripts confine actions to fetching bookmarks (via bird or X API), categorizing them, and storing local state/tokens. The OAuth helper runs a local HTTP callback and opens the browser (normal for PKCE). There are no instructions to read unrelated system files or transmit credentials to unexpected third parties; network calls go to X endpoints (api.x.com / x.com) as expected.
Install Mechanism
There is no automated install spec in the package (instruction-only with scripts included), so nothing is automatically downloaded or executed during install. The only external install suggested is installing bird-cli from npm, which is a normal third-party dependency. No unusual download URLs or archive extraction are present.
Credentials
The package reasonably needs authentication credentials to read private bookmarks: either browser cookie values (AUTH_TOKEN and CT0) for bird CLI or OAuth tokens / bearer token for the X API. These credentials are sensitive but proportionate to the stated functionality. Again note the registry metadata incorrectly lists no required env vars while SKILL.md requires them. Tokens are saved locally to ~/.config/x-bookmarks/tokens.json (file is created with mode 0o600 in the code).
Persistence & Privilege
The skill stores its own config and tokens under ~/.config/x-bookmarks and runs a short-lived local HTTP server during OAuth authorization; it does not request persistent platform-wide privileges nor set always:true. Storing tokens locally (with restrictive file perms) is normal for this workflow.
Assessment
This package appears to do what it says, but take these precautions before installing:

- Source verification: the skill's source/homepage is unknown and the registry metadata contradicts SKILL.md. Only install if you trust the publisher or have reviewed the scripts.
- Prefer OAuth over manual cookie copying: use the provided x_api_auth.py flow (OAuth PKCE) rather than manually extracting/pasting auth_token and ct0 — copying cookies is sensitive and error-prone.
- Review local storage: tokens are written to ~/.config/x-bookmarks/tokens.json (the code sets 0o600). Make sure you’re comfortable storing tokens on this machine and check file ownership/permissions.
- Inspect scripts: the included scripts are small and call only bird or X API endpoints; if unsure, read them yourself or run in an isolated environment (VM/container) first.
- Validate bird-cli source: if you use the bird path, ensure you install bird-cli from its official repo/npm package and understand that it accesses browser cookie stores.
- Cron/automation: scheduled digests imply storing last-processed IDs in workspace/state — confirm where that state will be stored and secure it if it contains tokens or identifiers.

If you want higher assurance, ask the publisher for a verified homepage or run the tools locally (inspect source and run only the Python scripts you reviewed).
