← Back to Skills Marketplace
oceanswave

frigatebird

by Oceanswave · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1111
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install frigatebird
Description
Use the frigatebird npm package to interact with X from the CLI with bird-style command parity, posting/reply/article support, and list automation without X API keys.
README (SKILL.md)

Frigatebird Skill

Frigatebird is a Playwright-first CLI and npm package (frigatebird) that preserves bird command ergonomics while running against X via browser session cookies.

Use This Skill When

  • The user asks for bird-style CLI workflows on X.
  • The user needs posting/reply/article actions from CLI.
  • The user needs list automation (add, remove, batch, lists).
  • The user needs API-key-free browser-cookie operation.

Package and Install

  • npm package: frigatebird
  • Global install: npm install -g frigatebird
  • Local use: npx frigatebird \x3Ccommand>

Core Workflow

  1. Validate auth/session:
    • frigatebird check
    • frigatebird whoami
  2. Read flows (use JSON when scripting):
    • frigatebird read \x3Ctweet-id-or-url> --json
    • frigatebird search "\x3Cquery>" --json
    • frigatebird home --json
  3. Mutation flows:
    • frigatebird tweet "\x3Ctext>"
    • frigatebird reply \x3Ctweet-id-or-url> "\x3Ctext>"
    • frigatebird article "\x3Ctitle>" "\x3Cbody>"
  4. List automation:
    • frigatebird add "\x3CList Name>" @handle1 @handle2
    • frigatebird remove @handle "\x3CList Name>"
    • frigatebird batch accounts.json
  5. For larger reads, use paging controls:
    • --all, --max-pages, --cursor, -n

Feature Coverage

  • Posting/mutations: tweet, post, reply, article, like, retweet, follow, unfollow, unbookmark
  • Read/timelines: read, replies, thread, search, mentions, user-tweets, home, bookmarks, likes, list-timeline, news, about
  • Identity/health: check, whoami, query-ids, help
  • List automation: add, remove, batch, lists, list, refresh

Options That Matter Most

  • Auth/cookies: --auth-token, --ct0, --cookie-source, --chrome-profile, --firefox-profile
  • Determinism/testing: --base-url, --plain, --no-color
  • Pagination: -n, --all, --max-pages, --cursor, --delay
  • Output: --json, --json-full
  • Media posting: --media, --alt

Live E2E Notes

  • Standard live mutation e2e does not run premium-feature checks by default.
  • Premium-feature e2e opt-in:
    • npm run test:e2e:live -- --list-name \x3Cname> --enable-premium-features-e2e --article-cookie-source chrome --article-expected-handle-prefix \x3Cprefix>

Caveats

  • This tool depends on X web UI selectors; selector drift can break flows.
  • query-ids is retained for command compatibility and does not drive Playwright execution.
  • Some GraphQL-specific behavior from original bird is represented as compatibility flags in Playwright mode.
Usage Guidance
This skill describes a legitimate-sounding use (controlling X via browser cookies instead of API keys), but it has transparency and provenance gaps. Before installing or running anything: 1) Do not run npm install -g frigatebird or npx frigatebird unless you trust the package source—no homepage or repo is provided here. 2) Understand that operation requires session cookies or browser profiles (ct0, cookie files, chrome/firefox profiles). Those are equivalent to account credentials—sharing them or pointing a tool at them can give full account access. 3) If you must use this flow, prefer to run the CLI in a sandboxed environment or inspect the package source code first (look up the npm package, repository, and recent maintainers). 4) Ask the skill author to declare required config paths/credentials in metadata and to provide a repository/homepage and security/privacy notes about how session tokens/cookies are read, stored, and transmitted. Without those, treat installation as risky.
Capability Analysis
Type: OpenClaw Skill Name: frigatebird Version: 1.0.0 The skill bundle is classified as suspicious due to the explicit mention of capabilities to access sensitive browser data. The `SKILL.md` file details options like `--chrome-profile`, `--firefox-profile`, `--cookie-source`, `--auth-token`, and `--ct0` for the `frigatebird` tool. While these are presented as necessary for its stated purpose of 'API-key-free browser-cookie operation' with X, they grant broad access to potentially sensitive user data within browser profiles. This capability, if exploited by a malicious user prompt, could lead to unauthorized data access or exfiltration, even though the skill's instructions themselves do not explicitly command such malicious actions.
Capability Assessment
Purpose & Capability
The name/description match the SKILL.md: this is a Playwright-based CLI that operates against X using browser session cookies rather than API keys. Asking for cookie/profile inputs is consistent with that goal. However, the skill metadata declares no config paths or credentials while the runtime instructions explicitly reference cookie and browser-profile options (e.g., --cookie-source, --chrome-profile, --ct0), so there is a transparency gap about required local access.
Instruction Scope
SKILL.md instructs installing/using the third‑party npm package (npm install -g frigatebird / npx frigatebird) and documents flags that imply reading browser cookies, profile directories, or session tokens. Although it doesn't contain explicit steps like "read ~/.config/..." the presence of --chrome-profile/--cookie-source/--ct0 flags strongly implies access to sensitive local data (cookies/session tokens). The instructions do not limit or explain how those secrets are handled, nor do they declare that you must supply or allow access to them.
Install Mechanism
There is no install spec baked into the skill (instruction-only), which lowers direct platform risk. But the SKILL.md tells users/agents to install an npm package whose source/homepage is absent from the metadata. Installing an unreviewed npm package (global or via npx) can execute arbitrary code on the host. The absence of a repository/homepage or vendored code means the package cannot be audited from this skill bundle.
Credentials
The skill declares no required env vars or config paths, yet documents flags for sensitive tokens and cookie/profile sources (e.g., --auth-token, --ct0, --cookie-source, --chrome-profile). These are highly sensitive (session cookies/tokens) and the skill does not declare that access in metadata nor describe safe handling. That mismatch means users may not realize what credentials or local files are needed or at risk.
Persistence & Privilege
The skill does not request elevated platform privileges, does not set always:true, and does not include an install script in the bundle. It doesn't ask to modify other skills or agent settings. However, because it encourages installing an external npm package, that package could request persistence at install/runtime (outside the scope of this bundle).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install frigatebird
  3. After installation, invoke the skill by name or use /frigatebird
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the frigatebird skill for X CLI workflows. - Enables `bird`-style command-line interaction with X using the frigatebird npm package. - Supports posting, replying, article publishing, and list automation without X API keys. - Offers session-based authentication via browser cookies. - Includes robust tooling for read, mutation, and list management workflows. - Provides essential options for authentication, pagination, and output formatting. - Documents caveats regarding web UI selector drift and compatibility modes.
Metadata
Slug frigatebird
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is frigatebird?

Use the frigatebird npm package to interact with X from the CLI with bird-style command parity, posting/reply/article support, and list automation without X API keys. It is an AI Agent Skill for Claude Code / OpenClaw, with 1111 downloads so far.

How do I install frigatebird?

Run "/install frigatebird" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is frigatebird free?

Yes, frigatebird is completely free (open-source). You can download, install and use it at no cost.

Which platforms does frigatebird support?

frigatebird is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created frigatebird?

It is built and maintained by Oceanswave (@oceanswave); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments