← Back to Skills Marketplace
Twitter Query
by
alexander10011
· GitHub ↗
· v1.0.0
· MIT-0
268
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install twitter-query
Description
Query X/Twitter via twitterapi.io read-only APIs by account (user timeline) or by keyword (advanced search). Outputs structured JSON; no LLM, no trend scorin...
Usage Guidance
This skill appears to do what it claims (fetch tweets via twitterapi.io) and the Python scripts are readable and use only stdlib. Before installing or running it:
- Treat TWITTER_API_KEY as a secret. Only provide your real key if you trust the skill and its source; consider using a throwaway/test key first.
- Verify the platform metadata: the skill's SKILL.md and scripts require TWITTER_API_KEY, but the registry metadata does not declare it — ask the publisher to update the manifest to list required env vars.
- Do not change TWITTER_API_BASE to an unknown host. If you must override it (for testing), run in an isolated environment and monitor network traffic to ensure your API key isn't sent to an unexpected endpoint.
- If you have security concerns, inspect the two scripts yourself or run them locally with your network blocked (or a proxy you control) to observe behavior. Ask the publisher to restrict or validate TWITTER_API_BASE in-code if you need stronger guarantees.
Because of the metadata inconsistency and the overridable base URL, I rate this as suspicious rather than benign; these are fixable but should be clarified before broad use.
Capability Analysis
Type: OpenClaw Skill
Name: twitter-query
Version: 1.0.0
The skill is a legitimate tool for querying Twitter/X data via the twitterapi.io third-party service. The Python scripts (scripts/query_by_user.py and scripts/query_by_keyword.py) use standard libraries to perform read-only API calls, properly handling authentication via the TWITTER_API_KEY environment variable and sanitizing inputs through URL encoding. No indicators of data exfiltration, unauthorized execution, or malicious prompt injection were found in the code or documentation.
Capability Assessment
Purpose & Capability
The scripts implement exactly what the name/description promise: read-only queries to twitterapi.io (user timeline and advanced search) and JSON output. However the registry metadata lists no required environment variables while SKILL.md and the scripts clearly require TWITTER_API_KEY (and optionally TWITTER_API_BASE). This metadata mismatch is inconsistent and may lead to missing user prompts or disclosure in install flows.
Instruction Scope
SKILL.md instructs the agent/user to set TWITTER_API_KEY and run the two Python scripts; the scripts only perform HTTP GETs to the configured base and print JSON to stdout. They do not access other system files, other credentials, or external telemetry endpoints. One noteworthy instruction-level detail: TWITTER_API_BASE is overrideable; if a user or agent sets that to a malicious URL the skill will send the API key there (the scripts do not restrict allowed hosts).
Install Mechanism
There is no automated install spec — this is effectively an instruction-and-scripts package. The code uses only Python stdlib and will run locally; nothing is downloaded from arbitrary third-party URLs. This is low install-surface risk.
Credentials
Functionally the skill only needs one secret (TWITTER_API_KEY), which is proportionate. But the package/registry metadata does not declare this required env var or a primary credential (the SKILL.md and scripts do). That mismatch is concerning because platforms may not surface the requirement to users. Additionally, allowing TWITTER_API_BASE to be set by env var means the key could be sent to a non-twitterapi.io host if misconfigured.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It does not modify other skills or system-wide settings. Autonomous invocation is allowed (default) but is not combined with other alarming privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install twitter-query - After installation, invoke the skill by name or use
/twitter-query - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: X/Twitter read-only queries by user timeline (last_tweets) and keyword (advanced_search) via twitterapi.io. Requires TWITTER_API_KEY. No bundled LLM.
Metadata
Frequently Asked Questions
What is Twitter Query?
Query X/Twitter via twitterapi.io read-only APIs by account (user timeline) or by keyword (advanced search). Outputs structured JSON; no LLM, no trend scorin... It is an AI Agent Skill for Claude Code / OpenClaw, with 268 downloads so far.
How do I install Twitter Query?
Run "/install twitter-query" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Twitter Query free?
Yes, Twitter Query is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Twitter Query support?
Twitter Query is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Twitter Query?
It is built and maintained by alexander10011 (@alexander10011); the current version is v1.0.0.
More Skills