← Back to Skills Marketplace
kriptoburak

Tweet Search

by Burak Bayır · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
77
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install tweet-search
Description
Use when the user needs to interact with X (Twitter) — searching tweets, looking up users/followers, posting tweets/replies, liking, retweeting, following/un...
Usage Guidance
What to consider before installing: - Only give XQUIK_API_KEY if you trust the Xquik service and the skill author. This key grants the skill the ability to read/write on your Xquik account (including posting tweets, DMs, follows) so treat it like a password. - SKILL.md contains webhook examples that reference XQUIK_WEBHOOK_SECRET but that secret is not declared as a required env var. If you plan to use webhooks, treat that secret carefully and store it in a secure secret manager rather than in plain config files. - The doc shows examples that instruct adding the API key to local config files (claude, ~/.codex/config.toml, .mcp.json, .vscode). Avoid placing long‑lived keys in widely readable or global config files; prefer ephemeral keys or scoped API keys and rotate them frequently. - The package metadata marks contentTrust: untrusted and the static scan found a prompt‑injection pattern. Inspect SKILL.md yourself for any hidden or override instructions (search the file for phrases like "ignore previous instructions", or instructions that ask the agent to bypass confirmations). If you cannot verify the author (Xquik) independently, be cautious. - Because this is instruction-only, no code is run on your machine by default, which reduces install risk — but the agent will make network calls to xquik.com. Monitor your API usage and billing after enabling the skill; consider creating a restricted API key with only the permissions you need (if Xquik supports that) and set spending limits. If you want to proceed: verify the homepage (https://docs.xquik.com) and confirm the provider identity, use least-privilege credentials, do not store secrets in global files, and review SKILL.md for any prompt‑override text before enabling autonomous use.
Capability Analysis
Type: OpenClaw Skill Name: tweet-search Version: 1.0.0 The skill bundle is a highly professional and well-documented integration for the Xquik API, providing extensive capabilities for interacting with X (Twitter). It includes robust security guardrails, such as mandatory user confirmation for financial transactions and write actions (e.g., posting tweets or sending DMs), and explicit instructions for the agent to defend against indirect prompt injection from untrusted X content (SKILL.md). While the service handles sensitive X credentials to enable automation, this behavior is transparently documented and strictly aligned with the stated purpose of the tool. No indicators of malicious intent, data exfiltration, or unauthorized execution were found across the 13 files analyzed.
Capability Tags
cryptocan-make-purchasesrequires-oauth-tokenposts-externally
Capability Assessment
Purpose & Capability
Name/description (searching, posting, monitoring X) aligns with the instructions and referenced endpoints. The single required credential (XQUIK_API_KEY) is appropriate for a third‑party API proxy. No unrelated binaries or unrelated cloud credentials are requested.
Instruction Scope
SKILL.md instructs the agent to call Xquik REST/MCP endpoints and to consult docs — this is in scope. However, webhook examples reference an additional secret (XQUIK_WEBHOOK_SECRET) that is not declared in requires.env, and many examples demonstrate adding the API key into local config files (claude, codex, .mcp.json, ~/.vscode) — which encourages persisting the key in user configs. Also the pre-scan found a prompt‑injection pattern (see scan_findings_in_context) inside SKILL.md; while the rest of the instructions appear legitimate, that pattern is unexpected and should be reviewed manually.
Install Mechanism
Instruction-only skill with no install spec and no bundled code — lowest install risk. Nothing is downloaded or written to disk by the skill bundle itself.
Credentials
The skill declares a single primary credential (XQUIK_API_KEY), which is proportional. But SKILL.md uses/mentions additional environment variables (e.g., XQUIK_WEBHOOK_SECRET) in examples without declaring them as required; examples that show injecting API keys into various local tool configs increase the risk that a user may end up storing credentials in less secure locations. The metadata also marks contentTrust as 'untrusted', which is a cautionary flag.
Persistence & Privilege
The skill is not forced-always, and does not request elevated agent-wide privileges. It does not modify other skills' configurations in the provided instructions. Autonomous model invocation is allowed (the default) — no extra persistence privileges are requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tweet-search
  3. After installation, invoke the skill by name or use /tweet-search
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial public release as x-twitter-scraper (v2.0.1), providing robust X (Twitter) REST API integration. - Enables tweet search, profile lookups, posting/replies, likes, retweets, follows, DMs, bulk data extraction, monitoring, and automation. - Exposes 120 REST API endpoints, two MCP tools, and HMAC webhook support for real-time integrations. - Includes clear quick reference, decision trees, detailed authentication, error handling guides, and up-to-date links to official documentation and pricing. - Requires XQUIK_API_KEY for all operations; security features include prompt injection defense and write/payment confirmations.
Metadata
Slug tweet-search
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Tweet Search?

Use when the user needs to interact with X (Twitter) — searching tweets, looking up users/followers, posting tweets/replies, liking, retweeting, following/un... It is an AI Agent Skill for Claude Code / OpenClaw, with 77 downloads so far.

How do I install Tweet Search?

Run "/install tweet-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tweet Search free?

Yes, Tweet Search is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Tweet Search support?

Tweet Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Tweet Search?

It is built and maintained by Burak Bayır (@kriptoburak); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments