← Back to Skills Marketplace
1081
Downloads
3
Stars
6
Active Installs
18
Versions
Install in OpenClaw
/install xint
Description
X Intelligence CLI — search, analyze, and engage on X/Twitter from the terminal. Use when: (1) user says "x research", "search x for", "search twitter for",...
Usage Guidance
This package appears to be a full-featured X/Twitter CLI (search, watch, OAuth, xAI analysis) and the code and README substantiate that. However: (1) the platform metadata claims 'instruction-only' and 'no required env vars' while SKILL.md and the code require an X_BEARER_TOKEN and optionally xAI and OAuth keys — treat that mismatch as a red flag; (2) the repo includes an installer (install.sh) and many code files, so don't assume it's a lightweight instruction-only skill; (3) a prompt-injection pattern was flagged in SKILL.md — audit agent-facing instruction text if you plan to let an automated agent use this skill. Recommended steps before installing/using: verify the upstream GitHub repository and owner, inspect install.sh and xint.ts locally (don't run curl|bash blindly), confirm the code only calls the documented X/xAI endpoints (api.x.com, x.com, api.x.ai), run in an isolated environment or container, never provide credentials to unknown hosts, set XINT_MCP_AUTH_TOKEN before enabling MCP on non-loopback hosts, and prefer manual invocation rather than granting autonomous model invocation until you are satisfied with the code and metadata alignment.
Capability Analysis
Type: OpenClaw Skill
Name: xint
Version: 2026.2.26
The xint skill bundle is a highly sophisticated and well-engineered CLI tool for X (Twitter) intelligence and research. It features robust integrations with the X API v2 and xAI's Grok models, including an MCP server for AI agent interaction. Security practices are consistently applied throughout the codebase: OAuth tokens are stored with restrictive permissions (chmod 600 in lib/oauth.ts), remote webhooks are restricted to HTTPS with optional host allowlisting (lib/webhook-security.ts), and the MCP server enforces authentication for non-loopback connections (lib/mcp.ts). The logic is transparent, well-tested, and strictly aligned with the stated purpose of OSINT and engagement.
Capability Assessment
Purpose & Capability
SKILL.md, README, and the included TypeScript code implement an X/Twitter CLI (search, watch, OAuth, Grok AI integration, MCP server), which is coherent with the stated purpose. However the registry metadata at the top of the submission claims 'instruction-only' with no required env vars / credentials while SKILL.md and the code require X_BEARER_TOKEN (primary) and optionally XAI_API_KEY, X_CLIENT_ID, and others. That mismatch between declared requirements and actual files is a packaging/metadata inconsistency that could mislead installers.
Instruction Scope
The SKILL.md instructs agents and users to set X_BEARER_TOKEN, run Bun scripts, start an optional local MCP server, and may write caches/exports/oauth tokens to data/. Those instructions stay within the CLI's stated scope, and they explicitly call out security controls (chmod 600, webhook allowlists). However SKILL.md is agent-facing (tells AI agents to read and run commands) and a pre-scan detected a 'system-prompt-override' pattern in the SKILL.md — while the file content shown does not contain an explicit malicious system-prompt string, the presence of that pattern raises caution about prompt-injection style guidance embedded for agents.
Install Mechanism
There is no 'install spec' in the registry, but the repository includes an install.sh installer that downloads a GitHub release tarball and extracts it (uses GitHub releases and verifies checksums if available). Downloading from GitHub releases is a standard pattern (lower risk than arbitrary URLs), but the initial top-level metadata claiming 'instruction-only' contradicts the presence of this installer and many code files — the mismatch is noteworthy and increases risk if users expect no code execution. The README also suggests curl|bash install from raw.githubusercontent which is a higher-risk installation pattern; the script itself is reasonably defensive (checksum checks optional).
Credentials
The required credentials listed in SKILL.md (X_BEARER_TOKEN required; XAI_API_KEY, X_CLIENT_ID, XAI_MANAGEMENT_API_KEY optional) are proportional to the described features (API search, OAuth write actions, xAI analysis). However the registry summary that was supplied to the platform omitted these required env vars and primary credential, creating an inconsistency: the platform metadata claims 'none' while the skill code and SKILL.md require secrets. That discrepancy is a significant red flag because security decisions (scoping, review) may rely on accurate metadata.
Persistence & Privilege
The skill does not request 'always: true' and SKILL.md indicates network endpoints are limited to X and xAI endpoints. It optionally runs an MCP server (local by default binding to loopback) and stores data under its own data/ directory; OAuth tokens are stored locally with advised restrictive permissions. Those behaviors are normal for a CLI of this kind. Because the skill can be used as an agent tool (MCP), ensure the MCP server is only bound to loopback or protected with a strong XINT_MCP_AUTH_TOKEN if exposed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xint - After installation, invoke the skill by name or use
/xint - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2026.2.26
xint 2026.2.26
- Major internal expansion: 10 new modules added for analytics, timeline, growth, users, completions, and more.
- Improved documentation: Updated usage info and expanded supported user intents, including Obsidian bookmark sync.
- Various enhancements to reporting, sentiment analysis, formatting, and user engagement features.
- Old security scan report removed; package metadata updated.
- Numerous stability, collection handling, and API integration improvements.
v2026.2.25
xint 2026.2.25
- Added GitHub workflow and configuration files for CI, release draft, security auditing, and nightly regression.
- Introduced a dedicated error handling module (`lib/errors.ts`).
- Expanded documentation and security notices in SKILL.md.
- Updated install and release scripts with improvements.
- Refactored and enhanced core libraries for action results, billing, cost tracking, and Grok/AI integration.
- Improved environment variable and credential management logic.
v2026.2.24
Fix X native article fetch: use tweet.fields=article API field instead of Grok web_search
v2026.2.20-2
Release v2026.2.20.2
v2026.2.19-3
Release v2026.2.19.3
v2026.2.19-2
Release v2026.2.19.2
v2026.2.19-1
Release v2026.2.19.1
v2026.2.18-11
Release v2026.2.18.11
v2026.2.18-10
Release v2026.2.18.10
v2026.2.18-9
Release v2026.2.18.9
v2026.2.18-8
Release v2026.2.18.8
v2026.2.18-3
Release v2026.2.18.3
v2026.2.18-2
Release v2026.2.18.2
v2026.2.18
Release v2026.2.18
v2026.2.17
Phase 2: Article AI analysis + security docs
v3.1.0
Phase 2: Article AI analysis + security docs
v3.0.0
xint 3.0.0
- Added `article` command to fetch and extract full article content from any URL using xAI's web_search tool.
- Search results now display article titles and descriptions when available, helping users decide which articles to read in full.
- Documented required credentials and scopes for all features in SKILL.md.
- Added multiple new files including article extraction module, example watchlist, API reference, and scripts for xAI integrations.
- Improved documentation with enhanced usage examples, full credential descriptions, and best practices for agent usage.
- Internal refactor and expansion of the codebase to support new features and better organization.
v0.1.0
xint 0.1.0 — Initial Release
- Introduces the X Intelligence CLI for searching, analyzing, and engaging with X/Twitter data from the terminal.
- Supports powerful search with advanced filters (by likes, impressions, recency, author, etc.) and research-friendly exports (CSV, JSON, Markdown).
- Adds commands for fetching user profiles, tweet threads, and single tweet details.
- Enables real-time topic monitoring, trending topic search by location, follower tracking, and cost tracking.
- Built-in Grok AI analysis: both on-demand queries and sentiment analysis of tweets.
- Full bookmark, like, and following management (requires OAuth).
- Integrates with xAI Collections for report archiving and semantic search.
- All functionality accessible via documented CLI, with flexible output and automation options.
Metadata
Frequently Asked Questions
What is Xint?
X Intelligence CLI — search, analyze, and engage on X/Twitter from the terminal. Use when: (1) user says "x research", "search x for", "search twitter for",... It is an AI Agent Skill for Claude Code / OpenClaw, with 1081 downloads so far.
How do I install Xint?
Run "/install xint" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Xint free?
Yes, Xint is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Xint support?
Xint is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Xint?
It is built and maintained by 0xNyk (@0xnyk); the current version is v2026.2.26.
More Skills