Trust Assessment
bird received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include: the skill enables the tool to access sensitive browser cookies; the skill instructs setting an API key in an environment variable; the skill grants write access to a social media account.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 69/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Skill enables tool to access sensitive browser cookies | The skill describes the `bird` CLI tool's ability to authenticate by accessing browser cookies from Firefox/Chrome. This means the tool, when executed by the agent, will attempt to read sensitive authentication tokens and session data directly from the user's browser profile. This poses a significant risk of data exfiltration and credential harvesting, potentially leading to account compromise on X/Twitter and other sites if the cookies are not properly scoped or handled by the `bird` tool. Avoid tools that directly access browser cookies for authentication. Prefer API tokens or OAuth flows. If unavoidable, ensure the tool is sandboxed and only has access to specific, minimal cookie data. Inform users explicitly about this access. | LLM | SKILL.md:15 |
| MEDIUM | Skill instructs setting API key in environment variable | The skill mentions authenticating via 'Sweetistics API: set `SWEETISTICS_API_KEY`'. Instructing the agent or user to set an API key directly in an environment variable can expose this sensitive credential. While common, in an LLM agent context this could lead to the key being logged, exposed in prompts, or inadvertently shared if not handled with extreme care by the agent's execution environment. Recommend using secure secret management systems (e.g., vault, encrypted storage) instead of plain environment variables, especially for automated agents. Ensure the agent environment is configured to prevent logging or exposing environment variables. | LLM | SKILL.md:16 |
| MEDIUM | Skill grants write access to social media account | The skill explicitly provides commands for 'Posting' such as `bird tweet "text"` and `bird reply <id-or-url> "text"`. This means the `bird` tool, and by extension the agent using this skill, will have write permissions to the user's X/Twitter account. This capability, if misused or exploited, could lead to unauthorized posts, spam, or reputational damage. Implement strict user confirmation for all posting actions. Consider granular permissions if the underlying API supports it, allowing read-only access by default and requiring explicit elevation for write operations. | LLM | SKILL.md:10 |
| LOW | Dependency on third-party Homebrew tap | The skill's installation method relies on a third-party Homebrew tap (`steipete/tap/bird`). While Homebrew is a trusted package manager, the integrity of third-party taps and their formulas depends on the maintainer. A compromise of the `steipete/tap` repository could lead to the installation of a malicious version of the `bird` tool, introducing a supply chain vulnerability. Verify the integrity of third-party taps and formulas. Consider mirroring critical dependencies or using package managers with stronger integrity checks. Regularly audit the source repository for changes. | LLM | Manifest |
Full report: https://skillshield.io/report/f45d0a13c917e139
Powered by SkillShield