← Back to Skills Marketplace

X / Twitter Search

Name: X / Twitter Search
Author: blueberrywoodsym

by blueberrywoodsym · GitHub ↗ · v1.0.1

cross-platform ⚠ suspicious

1491

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install x-twitter-search

Description

Search X/Twitter in real-time using Grok or X API. Find tweets, trends, and discussions with citations.

Usage Guidance

This skill appears to do what it says, but take these precautions before installing: (1) Inspect scripts/search.js (already included) and confirm you are comfortable sending XAI_API_KEY to api.x.ai and any X_BEARER_TOKEN to api.x.com. (2) Provide only the credential(s) you intend to use (e.g., give XAI_API_KEY only if using Grok mode); consider using an API key with limited scope and easy rotation. (3) Because the skill runs a local Node script, run it in an environment you control (not with highly privileged credentials). (4) Note the scanner flagged 'system-prompt-override' — this is expected because the skill sends a systemPrompt to the remote model; if you are concerned, review the payload formatting in the script. (5) If you have strict security needs, run the script in an isolated container or sandbox before adding to production.

Capability Analysis

Type: OpenClaw Skill Name: x-twitter-search Version: 1.0.1 The skill is classified as suspicious due to a prompt injection vulnerability in `scripts/search.js`. The user's search query (`options.query`) is directly embedded into the `payload.input` sent to the xAI Grok model without sufficient sanitization. While the script's `extractContent` function attempts to filter the model's response, a malicious query could potentially manipulate the Grok model's behavior or lead to unintended information disclosure from the model's context. However, there is no evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or installation of backdoors; network calls are confined to `api.x.ai` and `api.x.com` as declared in `SKILL.md`.

Capability Assessment

✓ Purpose & Capability

Name/description (X/Twitter search) align with what is present: a Node script that calls either xAI's Responses API (x_search tool) or X's search API. Declared requirement (node) and primaryEnv (XAI_API_KEY) match the default Grok mode. Optional X_BEARER_TOKEN is documented and used only for the native X API path.

ℹ Instruction Scope

SKILL.md instructs running scripts/search.js and documents environment variables and modes; the script only makes HTTPS requests to api.x.ai and api.x.com and formats results. A pre-scan flagged 'system-prompt-override' because the script builds a systemPrompt sent to xAI in the request payload — this is expected for the Grok mode (it configures the remote model) and does not override the local agent's system prompt. Review of the script confirms it does not read local files, access other env vars, or call unexpected endpoints.

✓ Install Mechanism

No install spec provided (instruction-only + included script). The skill requires node on PATH and contains a local script. There are no downloads from untrusted URLs or archive extraction steps in the repo.

✓ Credentials

Only XAI_API_KEY is required (primary). The code also accepts optional X_BEARER_TOKEN/TWITTER_BEARER_TOKEN for the X API path; all requested env vars are directly used for calls to the documented endpoints. There are no unrelated or excessive credentials requested.

✓ Persistence & Privilege

Skill is not always-enabled and sets disable-model-invocation: true (cannot be invoked autonomously), which reduces risk. The skill does not claim or appear to modify other skills or system-wide settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install x-twitter-search
After installation, invoke the skill by name or use /x-twitter-search
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

- No code changes in this release. - Documentation revised in SKILL.md only; behavior and commands remain unchanged. - No impact to interface, functionality, or environment variable usage.

v1.0.0

- Added real-time X/Twitter search skill with Grok (AI-powered) and native X API modes. - Supports searching tweets, trends, and discussions with citations and multiple output formats. - Allows filtering by time range (up to 30 days with Grok, 7 days with X API) and by specific handles. - Flexible setup using either xAI API key or X API bearer token; commands provided for both modes. - Ensures user privacy: does not post, modify content, or access private account data.

Metadata

Slug x-twitter-search

Version 1.0.1

License —

All-time Installs 5

Active Installs 4

Total Versions 2

Frequently Asked Questions

What is X / Twitter Search?

Search X/Twitter in real-time using Grok or X API. Find tweets, trends, and discussions with citations. It is an AI Agent Skill for Claude Code / OpenClaw, with 1491 downloads so far.

How do I install X / Twitter Search?

Run "/install x-twitter-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is X / Twitter Search free?

Yes, X / Twitter Search is completely free (open-source). You can download, install and use it at no cost.

Which platforms does X / Twitter Search support?

X / Twitter Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created X / Twitter Search?

It is built and maintained by blueberrywoodsym (@blueberrywoodsym); the current version is v1.0.1.

More Skills