X Bookmarks
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent, but it handles high-impact X login cookies/tokens and requests write-capable OAuth access even though it describes X bookmark access as read-only.
Review before installing. Use it only if you are comfortable giving the workflow access to your X bookmarks and local auth material. Prefer least-privilege OAuth scopes, avoid running --print-token, verify bird-cli before installing it, protect .env.bird and token files, and only enable cron digests or account-mutating actions with explicit approval.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Authorizing this app could give the stored OAuth token permission to modify bookmarks, not just read and summarize them.
The helper requests bookmark.write and long-lived offline access, while the skill's security section describes X/Twitter bookmark access as read-only and writes as local-file-only.
SCOPES = "tweet.read users.read bookmark.read bookmark.write offline.access"
Use the minimum OAuth scopes for digest use, such as bookmark.read without bookmark.write. If unbookmarking is intended, document it separately and require explicit per-action confirmation.
If the agent or user runs this option, an X access token may be exposed in chat or logs where it can be copied or reused.
The helper can print the active access token to stdout, which could place an account credential into terminal logs, agent transcripts, or other captured output.
parser.add_argument("--print-token", action="store_true", help="Print current access token") ... print(token)Do not run --print-token in an agent session. Prefer removing this option or masking tokens by default.
Installing or using the skill requires giving the workflow access to your X account session or API authorization.
Using browser cookies and OAuth tokens is expected for a bookmark-fetching integration, but these are high-impact account credentials.
Auth: bird CLI with browser cookies, OR X API v2 with OAuth 2.0 tokens.
Only provide credentials intentionally, keep .env.bird and token files private, and revoke the app/token if you stop using the skill.
Users may not notice the account-auth requirement from registry metadata alone.
The registry metadata does not advertise the credential requirements, even though SKILL.md documents AUTH_TOKEN/CT0, browser cookies, and OAuth token storage.
Required env vars: none ... Primary credential: none
Declare the credential and browser-session requirements in registry metadata or capability tags so users can review them before installation.
A compromised or wrong bird-cli package could run locally with access to your browser profile or X session cookies.
The preferred backend depends on a globally installed, unpinned npm CLI outside the provided skill code; this is user-directed and purpose-aligned, but it will be used with browser-account access.
npm install -g bird-cli
Verify the bird-cli package source and version before installing, and prefer a pinned or documented version when possible.
Bookmarks could prompt the agent to suggest running code, cloning repos, or making changes beyond summarization.
The workflow can lead from bookmarked content into agent actions such as testing or setup. The text frames this as a proposal, not automatic execution.
Tool/repo bookmarks → "I can test this, set it up, or analyze the code"
Require explicit user approval before executing commands, cloning repositories, deleting bookmarks, or changing local projects based on bookmark content.
If enabled, the skill may continue checking your bookmarks on a schedule until you disable the cron job.
Scheduled digest support is disclosed and purpose-aligned, but it creates recurring account access outside a single interactive request.
Set up a daily or weekly cron job and your agent will automatically check for new bookmarks
Only enable scheduled digests intentionally, document where the cron job and state file live, and provide an easy disable/removal path.