← Back to Skills Marketplace

X Twitter

Name: X Twitter
Author: zaaachary

by Zaaachary · GitHub ↗ · v1.0.1

cross-platform ⚠ suspicious

1210

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install x-twitter-api

Description

X (Twitter) API client for searching tweets, retrieving article content, and fetching trending topics. Supports both Bearer Token (app-only) and OAuth 2.0 authentication.

Usage Guidance

This skill appears to do what it says: three Python scripts that call X's API using a bearer token. Before installing or running: 1) Confirm you are comfortable storing X_BEARER_TOKEN in your environment (anyone with the token can access your app-level API). 2) Note the SKILL.md claim about OAuth 2.0 is not implemented in the scripts — if you need user-auth flows, this package doesn't provide them. 3) Review the scripts (they are short) before running and consider running them in an isolated environment; they only connect to https://api.x.com/2 and optionally write results to files you specify. 4) Be aware some endpoints (trends) may require a paid tier; check your token permissions and rate limits. If you need the skill to support OAuth flows or to avoid storing long-lived tokens in env vars, ask the author for clarification or an updated release.

Capability Analysis

Type: OpenClaw Skill Name: x-twitter-api Version: 1.0.1 The skill bundle is suspicious due to a path traversal vulnerability in all three Python scripts (`scripts/get_article.py`, `scripts/get_trends.py`, `scripts/search_tweets.py`). The `--save` argument, which allows users to specify an output file, does not sanitize input, potentially allowing an attacker to write arbitrary JSON content to any file on the system where the agent has write permissions (e.g., `../../../../etc/passwd`). There is no evidence of intentional malicious behavior like data exfiltration to external endpoints, backdoors, or prompt injection against the agent.

Capability Assessment

ℹ Purpose & Capability

Name/description match the code: scripts perform tweet search, article/tweet retrieval, and trends using X API v2. Minor inconsistency: SKILL.md / description say the skill “supports both Bearer Token (app-only) and OAuth 2.0”, but the included scripts only use a bearer token (X_BEARER_TOKEN) and do not implement an OAuth flow. Also the registry summary above listed “Required env vars: none” while the package declares a primary credential X_BEARER_TOKEN and SKILL.md instructs users to set it.

✓ Instruction Scope

SKILL.md and the scripts only direct the agent/user to run the included Python scripts, set X_BEARER_TOKEN, call https://api.x.com/2 endpoints, and optionally save outputs to files. The instructions do not ask the agent to read arbitrary host files, other credentials, or exfiltrate data to unexpected endpoints.

✓ Install Mechanism

No install spec; the skill is instruction-first and bundles small Python scripts. There are no remote downloads, installers, or extracted archives. Required runtime is just python3 and the requests library (imported in scripts), which is expected for these scripts.

✓ Credentials

Only a single credential (X_BEARER_TOKEN) is used as the primary credential. That is proportionate to a client that makes authenticated calls to the X API. No unrelated secrets or config paths are requested.

✓ Persistence & Privilege

always: false and disable-model-invocation: false (standard). The skill does not request permanent system-wide changes, nor does it modify other skills' configs. It only reads X_BEARER_TOKEN and writes user-specified output files.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install x-twitter-api
After installation, invoke the skill by name or use /x-twitter-api
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

Fix: Add 'article' field to tweet.fields API parameter to retrieve full article content via X API v2

v1.0.0

- Initial release of the x-twitter API skill. - Provides scripts to search tweets, retrieve article/tweet content, and fetch trending topics from X (Twitter). - Supports Bearer Token and OAuth 2.0 authentication. - Includes usage examples, advanced query operators, and output/export options. - Handles API errors and rate limits with automatic retry logic. - Detailed setup and API limit information included in documentation.

Metadata

Slug x-twitter-api

Version 1.0.1

License —

All-time Installs 5

Active Installs 3

Total Versions 2

Frequently Asked Questions

What is X Twitter?

X (Twitter) API client for searching tweets, retrieving article content, and fetching trending topics. Supports both Bearer Token (app-only) and OAuth 2.0 authentication. It is an AI Agent Skill for Claude Code / OpenClaw, with 1210 downloads so far.

How do I install X Twitter?

Run "/install x-twitter-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is X Twitter free?

Yes, X Twitter is completely free (open-source). You can download, install and use it at no cost.

Which platforms does X Twitter support?

X Twitter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created X Twitter?

It is built and maintained by Zaaachary (@zaaachary); the current version is v1.0.1.

More Skills