← Back to Skills Marketplace
280
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install twitter-dance
Description
基于 apidance.pro API,自动生成并发布推文,支持账户统计、通知管理、自动回复和互动分析,适合日常社媒运营自动化。
Usage Guidance
Before installing or running this skill:
- Don’t trust the registry metadata alone — inspect SKILL.md and the code: this skill expects APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, and optionally KIMI_API_KEY even though the registry lists none.
- Verify provenance: source/homepage are listed as unknown/none in the metadata; package.json points to a GitHub path — confirm the repository and maintainer identity before trusting keys.
- Avoid extracting long‑lived session tokens from your primary account via browser devtools. Prefer creating a dedicated developer/app token with minimal scope or use a throwaway/test account for initial testing.
- Review the code (especially src/* and scripts/*) to see how credentials are used and whether verbose/debug logging might print sensitive data to logs. If you enable verbose=2, watch for sensitive fields in logs.
- Run the code in an isolated environment (throwaway account, sandbox container or VM) first. Do not place production account credentials into the skill until you confirm behaviour.
- Consider rotating credentials after any test runs. If you must use the skill, grant only the minimum scopes needed and avoid long-lived tokens where possible.
- If you want to proceed, ask the maintainer to update registry metadata to declare required env vars and to document token/scopes clearly; request a reproducible source URL (official repo) and a minimal set of permissions for TWITTER_AUTH_TOKEN.
I have medium confidence because the code and docs align with the stated purpose, but the metadata omission and the token extraction guidance are suspicious and merit manual review before use.
Capability Analysis
Type: OpenClaw Skill
Name: twitter-dance
Version: 1.0.0
The twitter-dance skill bundle is a comprehensive Twitter automation toolset that utilizes the apidance.pro third-party API and Kimi AI for content generation. The code is well-structured and provides extensive functionality for tweeting, replying to comments, and performing account analytics, as seen in scripts like auto-tweet.js and auto-reply-comments.js. While the skill requires sensitive credentials (Twitter auth tokens and API keys), the logic is transparent and strictly follows the stated purpose of social media automation. A minor portability issue exists in check-doc.js due to a hardcoded macOS Chrome path, but no malicious behavior or exfiltration logic was detected.
Capability Assessment
Purpose & Capability
The skill's stated purpose (Twitter automation via apidance.pro and optional Kimi) legitimately requires APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, and optionally KIMI_API_KEY. However, the registry metadata declares no required environment variables or primary credential, which is inconsistent with the SKILL.md and included code (many scripts and client files that read process.env). The lack of declared credentials in metadata is an incoherence that should be clarified.
Instruction Scope
SKILL.md instructs the agent/user to export APIDANCE_API_KEY, TWITTER_AUTH_TOKEN and KIMI_API_KEY and gives commands to run scripts and cron jobs. It also explicitly tells users to obtain a TWITTER_AUTH_TOKEN by copying the Authorization header from X.com developer tools — guidance that can encourage insecure token extraction and accidental exposure. The docs enable verbose logging (verbose=2) which will print full GraphQL requests/responses for debugging; that could surface sensitive data if not reviewed. Scripts write logs to a logs/ directory and suggest running long‑running watchers (--watch); these behaviours are within the skill's scope but increase the risk surface.
Install Mechanism
No install spec is provided (instruction-only skill), and the repository includes source and a small bundled dependency (dotenv) rather than arbitrary downloads. There is no evidence of external arbitrary binary downloads or extract steps; risk from installation artifacts is therefore low. However, the package includes many scripts and full client code, so review of the codebase is necessary before execution.
Credentials
The required credentials (APIDANCE_API_KEY, TWITTER_AUTH_TOKEN, optional KIMI_API_KEY) are appropriate for a Twitter automation skill. The concern is that the registry metadata did not declare any required env vars or a primary credential, yet the SKILL.md and code clearly require them. TWITTER_AUTH_TOKEN (a bearer/session token) is particularly sensitive; the skill's instructions on obtaining it via browser request copying and storing it locally increase the chance of misuse or accidental leakage. No other unrelated credentials are requested.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously (disable-model-invocation:false), which is the platform default. Because the skill uses sensitive API credentials and supports scheduling/cron instructions, autonomous invocation increases the potential blast radius if credentials or behaviour are misconfigured — review and limit autonomous runs until you audit the code and tokens. The skill does not request system-wide config changes or other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install twitter-dance - After installation, invoke the skill by name or use
/twitter-dance - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
twitter-dance 1.0.0
- Initial release of a fully automated Twitter posting and management system based on apidance.pro API
- Supports AI-powered tweet generation (Kimi), automated posting, bulk scheduling, and draft mode
- Includes tweet analytics, account stats, interaction and engagement analysis, and notification management
- Offers advanced features: auto-reply to comments, conversation threading, bulk like/retweet, and best posting time analysis
- Command-line scripts provided for quick start, automation, and interactive workflows
- Extremely low operating cost compared to popular alternatives
Metadata
Frequently Asked Questions
What is twitter-dance?
基于 apidance.pro API,自动生成并发布推文,支持账户统计、通知管理、自动回复和互动分析,适合日常社媒运营自动化。 It is an AI Agent Skill for Claude Code / OpenClaw, with 280 downloads so far.
How do I install twitter-dance?
Run "/install twitter-dance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is twitter-dance free?
Yes, twitter-dance is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does twitter-dance support?
twitter-dance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created twitter-dance?
It is built and maintained by Evan (@evan-y25); the current version is v1.0.0.
More Skills