Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
xbird
v0.1.1Use when the user asks to tweet, post threads, read tweets, search Twitter/X, check mentions, manage engagement (like/retweet/bookmark), update profile (bio, avatar, banner), upload media, or interact with Twitter accounts. Triggers: twitter, tweet, post, thread, timeline, mentions, followers, following, likes, retweet, bookmark, profile picture, bio.
⭐ 0· 742·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to provide Twitter/X actions (read/post/engage), which is plausible, but the SKILL.md requires raw x.com cookie values (auth_token, ct0) and an optional wallet private key. The registry metadata lists no required env vars or credentials, which conflicts with the SKILL.md. Asking for browser cookies and a private key is not explained by the high-level description and is disproportionate.
Instruction Scope
Runtime instructions tell the user to run 'claude mcp add xbird -- npx @checkra1n/xbird' (fetch-and-run via npx) and to store cookies or keys in ~/.claude/settings.json or the shell. That directs execution of remote code and explicit manual extraction/pasting of session cookies and a private key — sensitive actions that go beyond typical API OAuth flows and could enable account takeover or fund access.
Install Mechanism
Although the registry lists no install spec, the SKILL.md instructs using npx to fetch and run @checkra1n/xbird. npx will download and execute unpinned code from the npm registry (moderate-to-high risk). The package name ("@checkra1n") and lack of a pinned, audited source or repository URL increase risk. This is an install-time action that can run arbitrary code locally.
Credentials
The skill asks for XBIRD_AUTH_TOKEN and XBIRD_CT0 (x.com cookies) and optionally XBIRD_PRIVATE_KEY (wallet). For Twitter integration, official OAuth tokens are expected; requiring session cookies and a wallet private key is sensitive and not proportionate to the described functionality. The metadata declared no required env vars, which is inconsistent with the instructions.
Persistence & Privilege
The instructions add an MCP server to the agent ('claude mcp add ...'), which modifies the agent's configuration and will cause the agent to rely on an external component provided by the npx package. While 'always' is false, this still creates persistent capability and a locally-running component that may act autonomously and make micropayments — combined with the private key request, this is notable.
What to consider before installing
Do not paste your Twitter session cookies or your wallet private key into a third-party skill unless you fully trust and can verify the code and publisher. The SKILL.md asks you to run an unpinned npm package via npx and to store sensitive tokens in your settings; that package will execute arbitrary code locally. Before installing: (1) verify the package source and repository (read its code, release tags, and who publishes it), (2) prefer official OAuth/API keys rather than raw session cookies, (3) never give out your wallet private key — use an intermediate payment/account that you control with limited funds or a signing-only flow, and (4) if you must test, run any fetched code in an isolated environment (VM/container) and avoid adding it to your main agent config. Given the metadata/instruction mismatches and sensitive requests, proceed only after independent code review or prefer an official, documented integration.Like a lobster shell, security has layers — review code before you run it.
latestvk9713sd828y29vth2nfjpwntxd812kzs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.