Is gan12003/twitter-api safe?

https://github.com/openclaw/skills/tree/main/skills/gan12003/twitter-api

89
SAFE

This is a legitimate Twitter API automation toolkit that provides extensive social media functionality through cookie-based authentication. While the code appears clean with no malicious intent, it contains some poor development practices like hardcoded file paths and provides powerful automation capabilities that could be misused.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (2)

MEDIUM Hardcoded Windows file paths -15

The analyze_signal.py script contains hardcoded Windows file paths (C:\Users\IFLW016\Desktop\GanClaw_Workspace_shared\social_ops), so it could write files to unexpected locations if the path exists on the host. This indicates poor development practices and a lack of proper path generalization.

LOW Powerful automation capabilities -25

This skill provides extensive Twitter automation functionality including posting tweets, following accounts, fetching notifications, and timeline analysis. While the code appears legitimate, these capabilities could be misused for spam, harassment, or social media manipulation if configured maliciously.