← Back to Skills Marketplace
115
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install post-tweets
Description
Use when the user needs to interact with X (Twitter) — searching tweets, looking up users/followers, posting tweets/replies, liking, retweeting, following/un...
Usage Guidance
This integration appears coherent, but exercise usual caution before granting the API key: use a scoped, revocable API key (not a long-lived primary account key), enable rotation, and monitor usage/billing. Pay attention to extraction and write costs (bulk extractions and write actions are metered) and always confirm any payment/charge flows. If you plan to receive webhooks, store the per-webhook secret securely (environment variable or secrets store). Because the skill is instruction-only and the source is 'unknown', verify the Xquik service/website (docs.xquik.com) independently and consider testing with a low-privilege test key before connecting production accounts or sensitive data (DMs, bookmarks, notifications) — those endpoints require explicit confirmation per the skill's instructions.
Capability Analysis
Type: OpenClaw Skill
Name: post-tweets
Version: 1.0.1
The skill bundle is a comprehensive integration for the Xquik API, providing 111 endpoints for interacting with X (Twitter), including searching, posting, bulk extraction, and giveaway draws. While it handles sensitive capabilities like DM access and financial transactions, it includes extensive security documentation and explicit instructions for the AI agent to require user confirmation for all write actions and billing operations. The bundle also features robust 'Indirect Prompt Injection' defenses to prevent untrusted X content from hijacking the agent's behavior (SKILL.md). No evidence of malicious intent, obfuscation, or unauthorized data exfiltration was found.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description claim X (Twitter) integration and the skill only requires an XQUIK_API_KEY (and an optional per-webhook secret). The declared endpoints, billing, MCP guidance, and webhook handling all align with a service that proxies X functionality. There are no unexpected environment variables, binaries, or config paths required.
Instruction Scope
SKILL.md and reference files instruct the agent to call the Xquik REST/MCP endpoints, prefer fetching live docs, and require user confirmation for write/billing/private-data operations. The instructions explicitly forbid collecting X account passwords/TOTP and forbid executing untrusted content from X. They reference webhook handling (which legitimately needs a per-webhook secret) and extraction/billing flows that require explicit user approval.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). That minimizes disk/write risk. Some references mention using tools like `mcp-remote` or ngrok for local testing, but those are optional user-side setup steps, not automatic installs by the skill.
Credentials
The single required credential is XQUIK_API_KEY (primaryEnv). An optional XQUIK_WEBHOOK_SECRET is described for webhook verification; both are proportionate to the documented functionality. There are no unrelated secrets (AWS, GitHub, etc.) requested.
Persistence & Privilege
always: false and the skill does not request persistent/system-level privileges. disable-model-invocation is false (agent may call the skill autonomously), which is the platform default and not by itself concerning. The skill does not claim to modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install post-tweets - After installation, invoke the skill by name or use
/post-tweets - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Updated Xquik API version from 2.2.1 to 2.4.2.
- Reduced number of available REST API endpoints from 122 to 111.
- API category count changed from 12 to 10.
- Added new security metadata for credential proxying and sensitive data handling (DMs, bookmarks, notifications, timeline now explicitly require user confirmation).
- Expanded documentation links and framework integration guides in the quick reference section.
v1.0.0
Initial release of the x-twitter-scraper skill (version 2.2.1):
- Provides interaction with X (Twitter): search, user lookup, posting, liking, retweeting, following, DMs, media download, real-time monitoring, and bulk data extraction.
- Supports 122 REST API endpoints and 2 MCP tools via Xquik API.
- Extensive security controls: isolated untrusted X content, strict input/output validation, enforced write/payment confirmation, and no autonomous billing.
- Requires XQUIK_API_KEY (and optionally XQUIK_WEBHOOK_SECRET for webhooks).
- Detailed API usage, rate limits, billing, and endpoint selection guidance included.
Metadata
Frequently Asked Questions
What is Post Tweets?
Use when the user needs to interact with X (Twitter) — searching tweets, looking up users/followers, posting tweets/replies, liking, retweeting, following/un... It is an AI Agent Skill for Claude Code / OpenClaw, with 115 downloads so far.
How do I install Post Tweets?
Run "/install post-tweets" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Post Tweets free?
Yes, Post Tweets is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Post Tweets support?
Post Tweets is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Post Tweets?
It is built and maintained by Xquik (@xquik); the current version is v1.0.1.
More Skills