X Bookmarks
Pass
Audited by VirusTotal on May 14, 2026.
Findings (1)
The skill is classified as suspicious primarily due to a shell injection vulnerability in `scripts/fetch_bookmarks.sh`. The script directly passes unsanitized arguments (`$@`) to the `bird` command via `exec "${CMD[@]}"`, which could allow an attacker to execute arbitrary commands if user input is not properly sanitized by the OpenClaw agent. Additionally, the `SKILL.md` instructs the AI agent to 'propose actions the agent can execute' based on bookmark content, creating a potential prompt injection vector if the agent's sandboxing or input validation is insufficient. While the skill's stated purpose is legitimate and network calls are confined to X/Twitter APIs, these vulnerabilities pose a significant risk.
