← Back to Skills Marketplace
chatgptnexus

Auto Tweet Publish

by chatgptnexus · GitHub ↗ · v1.0.0 · MIT-0
darwinlinux ⚠ suspicious
105
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install auto-tweet
Description
Post, search, like, retweet, bookmark, and manage a Twitter/X account via a local twikit-based API server on port 19816. Use when the user asks to tweet, sea...
README (SKILL.md)

Auto-Tweet Agent — OpenClaw Skill

Safe, open-source Twitter/X automation via twikit. Replaces openclaw-x with fully auditable Python code.

Overview

This skill lets you control a Twitter/X account through natural language. The local API runs on http://localhost:19816 and wraps the open-source twikit library (4.1K+ ⭐, MIT license).

No closed-source binaries. No cookie theft risk. Fully transparent.

Prerequisites

The Auto-Tweet server must be running:

cd ~/.openclaw/skills/auto-tweet
python main.py

Available Actions

Post a tweet

curl -X POST http://localhost:19816/tweet \
  -H "Content-Type: application/json" \
  -d '{"text": "Hello from OpenClaw!"}'

Post a tweet with media

curl -X POST http://localhost:19816/tweet \
  -H "Content-Type: application/json" \
  -d '{"text": "Check this out!", "media_paths": ["/path/to/image.jpg"]}'

Reply to a tweet

curl -X POST http://localhost:19816/tweet \
  -H "Content-Type: application/json" \
  -d '{"text": "Great point!", "reply_to": "TWEET_ID"}'

Quote tweet

curl -X POST http://localhost:19816/tweet \
  -H "Content-Type: application/json" \
  -d '{"text": "This is amazing!", "quote_url": "https://x.com/user/status/TWEET_ID"}'

Search tweets

curl "http://localhost:19816/search?q=AI+Agent&type=Latest&count=10"

Search users

curl "http://localhost:19816/search/users?q=openai&count=5"

Get timeline (For You)

curl "http://localhost:19816/timeline?count=20"

Get timeline (Following)

curl "http://localhost:19816/timeline/following?count=20"

Like a tweet

curl -X POST http://localhost:19816/like \
  -H "Content-Type: application/json" \
  -d '{"tweet_id": "TWEET_ID"}'

Unlike a tweet

curl -X POST http://localhost:19816/unlike \
  -H "Content-Type: application/json" \
  -d '{"tweet_id": "TWEET_ID"}'

Retweet

curl -X POST http://localhost:19816/retweet \
  -H "Content-Type: application/json" \
  -d '{"tweet_id": "TWEET_ID"}'

Undo retweet

curl -X POST http://localhost:19816/unretweet \
  -H "Content-Type: application/json" \
  -d '{"tweet_id": "TWEET_ID"}'

Bookmark a tweet

curl -X POST http://localhost:19816/bookmark \
  -H "Content-Type: application/json" \
  -d '{"tweet_id": "TWEET_ID"}'

Get bookmarks

curl "http://localhost:19816/bookmarks?count=20"

Get user profile

curl "http://localhost:19816/user/elonmusk"

Get user tweets

curl "http://localhost:19816/user/elonmusk/tweets?type=Tweets&count=10"

Get a specific tweet

curl "http://localhost:19816/tweet/TWEET_ID"

Delete a tweet

curl -X DELETE "http://localhost:19816/tweet/TWEET_ID"

Get trending topics

curl "http://localhost:19816/trends?category=trending"

Send a DM

curl -X POST http://localhost:19816/dm \
  -H "Content-Type: application/json" \
  -d '{"user_id": "USER_ID", "text": "Hello!"}'

Follow / Unfollow

curl -X POST "http://localhost:19816/follow/USER_ID"
curl -X POST "http://localhost:19816/unfollow/USER_ID"

Get notifications

curl "http://localhost:19816/notifications?type=Mentions&count=20"

Schedule a tweet

curl -X POST http://localhost:19816/schedule \
  -H "Content-Type: application/json" \
  -d '{"text": "Scheduled tweet!", "scheduled_at": 1735689600}'

Check rate limits

curl "http://localhost:19816/rate_limits"

Health check

curl "http://localhost:19816/"

Rate Limits (Built-in Safety)

Limit Default Purpose
API calls/hour 30 Prevent hourly burst
API calls/day 200 Match normal usage
Tweets/day 20 Conservative posting

All limits are configurable in config.json.

Error Handling

All endpoints return standard HTTP status codes:

  • 200 — Success
  • 400 — Bad request (invalid parameters)
  • 401 — Session expired (restart server)
  • 403 — Account issue (suspended/locked)
  • 409 — Duplicate tweet
  • 429 — Rate limit exceeded
  • 500 — Twitter API error

Security Notes

  • Server binds to 127.0.0.1 only (localhost) — no external access
  • Credentials stay in local config.json
  • Cookies saved locally in cookies.json
  • All code is open-source Python — fully auditable
  • No telemetry, no external callbacks
  • Rate limiter protects against accidental overuse
Usage Guidance
This skill appears to implement exactly what it claims — a local, auditable twikit-based controller for an X account — but if you plan to install/run it please consider the following before proceeding: - Credentials: The program expects a config.json containing your username, password (and optionally TOTP secret). Those are stored on disk in the skill directory; ensure file permissions are tight (owner-only) and avoid storing high-value or primary-account credentials if you are unsure. - Cookies: Cookies are saved locally (cookies.json). Protect that file similarly because it can grant session access. - Review code & dependencies: The code is included, so inspect it or run it in a sandbox/container. Verify third-party packages (twikit, fastapi, uvicorn, pydantic). Note the curl_cffi-based shim (curl_httpx_shim.py) uses TLS impersonation to avoid Cloudflare 403; this is consistent with its goal but is a network-layer workaround — if you have policies against TLS impersonation libraries, review or omit the shim. - Least privilege: Run the server as a non-privileged user and avoid running as root. Bind to localhost only (the code already does), and consider firewall rules if needed. - Operational caution: Rate limiting is implemented, but still double-check scheduled/automated actions before enabling to avoid accidental posting from a compromised environment. If you are not comfortable storing credentials on disk or cannot review the code, consider using a vetted, official client or running this in an isolated environment. Otherwise the skill is internally coherent and behaves as described.
Capability Analysis
Type: OpenClaw Skill Name: auto-tweet-publish Version: 1.0.0 The skill provides extensive Twitter/X automation capabilities (posting, DMs, following, media uploads) by wrapping the twikit library and using a custom shim (curl_httpx_shim.py) to bypass Cloudflare bot detection. It is classified as suspicious because it requires users to store sensitive credentials, including plain-text passwords and TOTP secrets, in a local config.json file. Additionally, the API endpoints in main.py allow the agent to upload arbitrary local files to Twitter and perform broad account actions, which could be exploited for data exfiltration or unauthorized social engineering if the agent is compromised via prompt injection.
Capability Assessment
Purpose & Capability
The name/description match the actual code and SKILL.md: a local FastAPI server that uses the open-source twikit library to control an X account. Credentials are stored in a local config.json (username/password/cookies), which is coherent with the stated design.
Instruction Scope
Instructions stay within the declared purpose (start the local server, curl localhost endpoints). They do instruct the user to store username/password and optional TOTP in config.json and to save cookies.json locally — this is necessary for login but is a local sensitive-data handling decision the user should be aware of.
Install Mechanism
This is an instruction-only skill with bundled Python source and a requirements.txt for pip dependencies (twikit, fastapi, uvicorn, pydantic). There is no install spec that writes arbitrary binaries. One minor inconsistency: curl_httpx_shim.py imports curl_cffi but curl_cffi is not listed in requirements.txt; the shim is optional (main.py falls back to httpx) so this appears to be an implementation detail rather than malicious behavior.
Credentials
The skill requests no environment variables or external cloud credentials. It requires local credentials (username/password in config.json) which is proportionate to the ability to log into and operate an X account. No unrelated tokens or secrets are requested.
Persistence & Privilege
The skill does not force installation (always:false), does not modify other skills or system-wide configs, and keeps cookies/credentials in its own directory. It runs as a local server bound to 127.0.0.1 per SKILL.md/main.py.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install auto-tweet
  3. After installation, invoke the skill by name or use /auto-tweet
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Twitter/X automation skill via twikit - tweet, search, like, retweet, manage timeline
Metadata
Slug auto-tweet
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Auto Tweet Publish?

Post, search, like, retweet, bookmark, and manage a Twitter/X account via a local twikit-based API server on port 19816. Use when the user asks to tweet, sea... It is an AI Agent Skill for Claude Code / OpenClaw, with 105 downloads so far.

How do I install Auto Tweet Publish?

Run "/install auto-tweet" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Auto Tweet Publish free?

Yes, Auto Tweet Publish is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Auto Tweet Publish support?

Auto Tweet Publish is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).

Who created Auto Tweet Publish?

It is built and maintained by chatgptnexus (@chatgptnexus); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments