← Back to Skills Marketplace

readx

Name: readx
Author: wxtsky

by wxtsky · GitHub ↗ · v1.1.4

cross-platform ⚠ suspicious

847

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install readx

Description

Twitter/X intelligence toolkit: analyze users, tweets, trends, communities, and networks

Usage Guidance

This skill appears to do what it says: it calls a remote readx.cc service and needs an API key. Before installing, verify you trust readx.cc (it's the only network endpoint used). Prefer storing the API key in a secure place (environment variable or credential store) rather than embedding it into URLs or plaintext files. If asked, decline having the agent itself write credentials to your config unless you trust the skill and know exactly where and how the key will be stored. Avoid pasting the API key into public logs or chat. If you want stronger assurance, ask the vendor for documentation, a privacy policy, and whether the MCP URL can be configured without the API key in the query string (e.g., via a secure header or token store).

Capability Analysis

Type: OpenClaw Skill Name: readx Version: 1.1.4 The skill is classified as suspicious due to instructions for the AI agent to perform file system read/write operations and shell execution, which are high-risk capabilities. Specifically, `SKILL.md` instructs the agent to read and potentially write an API key to `~/.config/readx/credentials.json` (or Windows equivalent) and to execute `curl` commands for API interaction and fetching API documentation from `https://readx.cc`. While these actions are plausibly needed for the skill's stated purpose and `SKILL.md` includes explicit safeguards against API key exfiltration to unauthorized domains, these capabilities introduce an attack surface for potential vulnerabilities (e.g., shell injection, arbitrary file access) if the agent's execution environment or input sanitization is flawed.

Capability Assessment

✓ Purpose & Capability

Name/description match the declared requirement (READX_API_KEY) and the SKILL.md describes calling a remote readx.cc API or MCP server for Twitter/X analysis. No unrelated credentials, binaries, or system paths are requested.

ℹ Instruction Scope

Instructions stay within analysis scope (resolve user→user_id, call timelines/search, derive metrics). They do instruct the agent to use curl and to read/write a readx credentials file and to add an MCP server URL that includes the API key query parameter; these are functional for the service but introduce credential-handling choices the user should review.

✓ Install Mechanism

Instruction-only skill with no install spec or code files — minimal disk/write footprint from the skill itself. All runtime behavior is via remote API calls or existing MCP tooling.

ℹ Credentials

Only READX_API_KEY is requested (declared as primaryEnv) which is proportionate to an API-based analysis tool. However, the doc recommends embedding the API key in an MCP URL (https://readx.cc/mcp?apikey=<API_KEY>) and persisting it to a plaintext credentials file by default — both raise credential-exposure risks.

✓ Persistence & Privilege

always:false and no requests to modify other skills or system-wide agent settings. The skill does instruct adding an MCP server entry to editor config and optionally writing the API key to a local config file — expected for this functionality but requires user consent.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install readx
After installation, invoke the skill by name or use /readx
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.4

Trim instructions: remove redundant Skills Overview, simplify setup wording

v1.1.3

Simplify instructions: remove platform-specific commands, let AI handle details

v1.1.2

Fix outdated error handling for remote MCP; use credentials.json for API key persistence

v1.1.1

Use ~/.config/readx/credentials.json for API key persistence, with user consent before writing

v1.1.0

User-guided setup: AI asks user to choose self-config or AI-assisted config for both MCP and Direct API Mode

v1.0.9

Fix contradictions: remove agent-assisted setup and paste-in-chat instructions; user self-configures env var

v1.0.8

Fix security instruction contradiction: align key storage policy with actual setup instructions

v1.0.7

Cross-platform env var setup: support zsh, bash, PowerShell, and cmd

v1.0.6

Direct API Mode: let user choose manual or AI-assisted env var setup

v1.0.5

Direct API Mode: guide users to set READX_API_KEY env var in shell profile for persistence

v1.0.4

Restore Direct API Mode (curl) for platforms without MCP support; no file writes, session-only key usage

v1.0.3

Add primaryEnv/requires.env metadata declaration; remove paste-key-in-chat instructions for security compliance

v1.0.2

Switch to remote MCP server (URL-based), remove npm/npx dependency and local credential persistence

v1.0.1

Remove npx -y to fix supply chain risk flagged by VirusTotal; use global install instead

v1.0.0

Initial release: Twitter/X intelligence toolkit with 15 analysis skills, MCP server support, and direct API mode

Metadata

Slug readx

Version 1.1.4

License —

All-time Installs 2

Active Installs 1

Total Versions 15

Frequently Asked Questions

What is readx?

Twitter/X intelligence toolkit: analyze users, tweets, trends, communities, and networks. It is an AI Agent Skill for Claude Code / OpenClaw, with 847 downloads so far.

How do I install readx?

Run "/install readx" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is readx free?

Yes, readx is completely free (open-source). You can download, install and use it at no cost.

Which platforms does readx support?

readx is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created readx?

It is built and maintained by wxtsky (@wxtsky); the current version is v1.1.4.

More Skills