Oathe Security Badge

Is minilozio/tweet-composer-skill safe?

https://github.com/minilozio/tweet-composer-skill

95 · SAFE

This skill provides educational documentation about X's tweet ranking algorithm and appears to be legitimate. It contains only markdown documentation files with no executable code, and shows normal installation behavior with no actual data exfiltration detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 88/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (1)

LOW · Filesystem access to sensitive file paths detected · -12

Monitoring detected access to canary files including .env, SSH keys, and cloud credentials. However, this appears to be from monitoring processes rather than the skill itself, as the skill contains only markdown documentation files and canary integrity was maintained.