← Back to Skills Marketplace
X
by
Oliver Drobnik
· GitHub ↗
· v1.0.0
293
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install twitter-api-v2
Description
Access X (Twitter) via API v2: user profiles, timelines, threads, search, bookmarks, likes, and posting. Use when asked to: (1) get user info or profile, (2)...
Usage Guidance
This skill appears to implement an X (Twitter) v2 CLI and is internally consistent with that purpose, but you should take these precautions before installing or running it:
- Verify the source: the registry metadata has no homepage and an unknown owner; review the full scripts/x.py locally to ensure there are no unexpected network endpoints or hidden behavior.
- Credentials: the tool asks you to place your bearer token and OAuth client credentials in ~/.openclaw/x/*.json. These are sensitive secrets stored in plaintext; only proceed if you trust the skill and the machine's security.
- OAuth flow: running auth opens your browser and starts a local HTTP server on 127.0.0.1:8080 to capture the callback. Ensure that port is acceptable to open and that the redirect URI exactly matches what you register in the developer portal.
- Billing: the documentation describes pay-per-usage billing; set spending limits in your X developer/billing console before large-scale use to avoid unexpected charges.
- Verify endpoints: the code uses api.x.com and twitter.com oauth endpoints in places; confirm endpoints are correct and expected for your developer account.
- Optional: run the script in a sandbox or inspect the code line-by-line before use. If you prefer not to store secrets on disk, consider managing tokens via a secure secrets manager and adapt the script accordingly.
Capability Analysis
Type: OpenClaw Skill
Name: twitter-api-v2
Version: 1.0.0
The skill bundle provides a well-structured and safe implementation for interacting with the X (Twitter) API v2 using only the Python standard library. The main script (scripts/x.py) implements standard authentication flows, including Bearer tokens and OAuth 2.0 with PKCE, and correctly handles local credential storage in ~/.openclaw/x. There is no evidence of data exfiltration, malicious execution, or prompt injection attempts in SKILL.md or the supporting documentation (SETUP.md, references/pricing.md). The use of a temporary local HTTP server for OAuth callbacks is a standard and appropriate practice for CLI-based authentication.
Capability Assessment
Purpose & Capability
The name/description (X/Twitter API v2 client) matches the included script and SKILL.md: it implements user lookup, timelines, search, bookmarks, likes, and posting. Requested runtime binary (python3) is appropriate. There are no unrelated credentials or binaries requested. Note: credentials are expected to be stored in ~/.openclaw/x/ (credentials.json, oauth2.json, tokens.json) rather than supplied via declared env vars.
Instruction Scope
SKILL.md instructs running the provided Python CLI and creating credential files under ~/.openclaw/x. The CLI performs local file I/O (read/write JSON credential/token files), network calls to X API endpoints, and runs a local HTTP server during OAuth auth to capture the callback on localhost:8080. These behaviors are consistent with implementing OAuth and API access, but they do involve reading/writing secrets and opening a local port for the auth flow.
Install Mechanism
There is no install spec — this is instruction+script only. Nothing is downloaded or extracted during install by the skill itself. The only runtime requirement is python3, which is declared and appropriate.
Credentials
The skill declares no required environment variables, which aligns with the provided instructions that store credentials in files under ~/.openclaw/x. This is proportionate to the stated functionality, but it means secrets (bearer token, client_id/secret, refresh/access tokens) are stored as plaintext JSON in the user's home directory. The skill will read/write these files and will need access to them.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It writes only to its own config path (~/.openclaw/x) and saves tokens there; it does run a transient local HTTP server on 127.0.0.1:8080 for OAuth, which is expected for the described auth flow. It does not modify other skills or system-wide agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install twitter-api-v2 - After installation, invoke the skill by name or use
/twitter-api-v2 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of X (Twitter) API v2 client.
- Provides CLI access to X (Twitter) user profiles, timelines, threads, search, bookmarks, likes, and posting via API v2.
- Supports both public data (bearer token) and user-specific actions (OAuth 2.0).
- All features use Python standard library with zero dependencies.
- Clean, readable text output for all commands.
- Rate limits, billing info, and usage tips documented.
- Advanced search operators and filtering supported (e.g., exclude retweets/replies).
Metadata
Frequently Asked Questions
What is X?
Access X (Twitter) via API v2: user profiles, timelines, threads, search, bookmarks, likes, and posting. Use when asked to: (1) get user info or profile, (2)... It is an AI Agent Skill for Claude Code / OpenClaw, with 293 downloads so far.
How do I install X?
Run "/install twitter-api-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is X free?
Yes, X is completely free (open-source). You can download, install and use it at no cost.
Which platforms does X support?
X is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created X?
It is built and maintained by Oliver Drobnik (@odrobnik); the current version is v1.0.0.
More Skills