← Back to Skills Marketplace
X Api
by
lobstergeneralintelligence
· GitHub ↗
· v0.1.0
7417
Downloads
45
Stars
64
Active Installs
1
Versions
Install in OpenClaw
/install x-api
Description
Post to X (Twitter) using the official API with OAuth 1.0a. Use when you need to tweet, post updates, or publish content. Bypasses rate limits and bot detection that affect cookie-based approaches like bird CLI.
Usage Guidance
Install only if you want an agent to have practical ability to post from your X account. Review every post text yourself before running it, keep X tokens locked down, remove unexpected .x-api.json files from project directories, and consider pinning the npm dependency before use.
Capability Analysis
Type: OpenClaw Skill
Name: x-api
Version: 0.1.0
The OpenClaw AgentSkills skill bundle for 'x-api' is benign. Its stated purpose is to post to X (Twitter) using the official API. The `SKILL.md` and `scripts/x-post.mjs` clearly outline the need for X API credentials, which are loaded from environment variables or a designated secrets file (`~/.clawdbot/secrets/x-api.json`). The core script uses the legitimate `twitter-api-v2` library to interact with the X API. There is no evidence of data exfiltration beyond the intended API calls, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or suspicious dependencies.
Capability Assessment
Purpose & Capability
The purpose is coherent and disclosed: posting to X through the official API. The capability is high-impact because it publishes public, account-affecting content from the authenticated account.
Instruction Scope
The runtime script posts the provided text immediately via client.v2.tweet(text); the artifacts do not show a preview, dry run, confirmation prompt, or approval gate before posting.
Install Mechanism
Installation is manual and uses the purpose-aligned twitter-api-v2 npm package, but the dependency is specified with a caret range and no lockfile is included in the artifact.
Credentials
Write-capable X API credentials are expected for the skill's purpose, but the script also reads a current-directory .x-api.json credential file that is not documented in the setup instructions, making credential source selection under-disclosed.
Persistence & Privilege
No background service, self-starting persistence, or destructive local mutation was found; however, setup encourages storing long-lived X API tokens locally in ~/.clawdbot/secrets/x-api.json.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install x-api - After installation, invoke the skill by name or use
/x-api - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of x-api: post tweets to X (Twitter) using the official API with OAuth 1.0a.
- Bypasses rate limits and bot detection—more reliable than cookie-based CLI tools.
- Clear setup instructions for obtaining and configuring API credentials.
- Supports multi-line tweet posts and returns the tweet URL on success.
- Specifies API usage limits, troubleshooting steps, and distinguishes use cases vs. the bird CLI for reading.
Metadata
Frequently Asked Questions
What is X Api?
Post to X (Twitter) using the official API with OAuth 1.0a. Use when you need to tweet, post updates, or publish content. Bypasses rate limits and bot detection that affect cookie-based approaches like bird CLI. It is an AI Agent Skill for Claude Code / OpenClaw, with 7417 downloads so far.
How do I install X Api?
Run "/install x-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is X Api free?
Yes, X Api is completely free (open-source). You can download, install and use it at no cost.
Which platforms does X Api support?
X Api is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created X Api?
It is built and maintained by lobstergeneralintelligence (@lobstergeneralintelligence); the current version is v0.1.0.
More Skills