← Back to Skills Marketplace
ryder-mhumble

twitter-ai-kol-fetcher

by Ryder Sun · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
323
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install twitter-ai-kol-fetcher
Description
抓取 Twitter AI 领域 KOL 最新动态、识别热门话题、生成专业内参。触发条件:"抓取 Twitter"、"AI 领域最新动态"、"每天 AI 动态"、"写内参"、"AI 内参"。
Usage Guidance
This skill aims to fetch Twitter KOL tweets and produce LLM-written intelligence reports — that purpose is coherent with calling a Twitter API and an LLM API. However: 1) The registry claims no credentials but the code needs both a Twitter API key and an OpenRouter key; treat that as a red flag until corrected. 2) scripts/01_fetch_kols.py contains a hardcoded Twitter API key — remove or rotate it and do not run code that embeds unknown credentials. 3) SKILL.md promises not to save local files and to send reports to Feishu, but the code saves JSON in /tmp and contains no Feishu-send logic; do not assume private data won’t be stored or transmitted. 4) The repository contains multiple clear coding errors (invalid import syntax referencing filenames starting with digits in scripts/main.py, undefined KOL_LIST in 01_fetch_kols.py), so the code will likely fail or behave unpredictably. Before installing or running: - Do not run on a production machine. Use an isolated environment/VM. - Inspect and remove any hardcoded credentials; supply your own keys only via environment variables or a secure config. - Fix the import/identifier bugs and add explicit, auditable Feishu/webhook code if you want automated delivery. - Decide and document what data is sent to the LLM provider (OpenRouter) — tweets and metadata will be transmitted and may be logged by that service. - Consider rotating any keys that might have been exposed if you accidentally used the embedded default key. If you cannot or will not audit and fix these issues, do not install/run this skill.
Capability Analysis
Type: OpenClaw Skill Name: twitter-ai-kol-fetcher Version: 1.0.1 The skill bundle contains a hardcoded API key for the twitterapi.io service within `scripts/01_fetch_kols.py`, which is a significant security risk. Additionally, the report generation logic in `scripts/03_generate_report.py` is vulnerable to indirect prompt injection because it incorporates unsanitized tweet content directly into LLM prompts. The code also exhibits several functional bugs (e.g., a NameError in the fetcher script) and discrepancies between the stated features in `SKILL.md` (such as Feishu integration) and the actual implementation, suggesting the bundle is poorly vetted or potentially used as a lure.
Capability Assessment
Purpose & Capability
The skill's purpose (fetch Twitter KOL tweets and generate LLM-based reports) justifies using a Twitter API and an LLM service (OpenRouter). However the registry metadata declared no required credentials while the code expects both twitter_api_key and openrouter_api_key (config.json and environment fallback). The code also contains a hardcoded default Twitter API key in scripts/01_fetch_kols.py, which is unexpected and suspicious. The SKILL.md claims the output will be sent to Feishu, but there is no Feishu/HTTP-post/send-to-Feishu implementation in the provided scripts.
Instruction Scope
SKILL.md instructs setting OPENROUTER_API_KEY and not to save local files, but the scripts read config.json and write multiple files under /tmp (kol_tweets_*.json and *_filtered.json). SKILL.md promises 'send to Feishu → delete temp files', but the code only prints reports and lacks Feishu integration. The runtime instructions and the shipped code disagree about persistence and output destinations. The scripts send tweet contents and prompts to openrouter.ai (expected for LLM use), which is consistent with report generation but should be explicit in metadata.
Install Mechanism
No install spec is provided (instruction-only installer), so nothing is downloaded/installed as part of skill installation. That reduces install-time risk. However, the shipped Python scripts will be executed locally and perform network calls, so runtime network risk remains even without an installer.
Credentials
The public metadata lists no required environment variables or primary credential, but the code requires a Twitter API key and an OpenRouter API key (config.json or environment). Worse, scripts/01_fetch_kols.py contains a hardcoded default API_KEY string (new1_7590bc837c4d4104ada0ef3419ab7d6c), which is unexpected and potentially reuses someone else's credential. The number and type of secrets requested are proportionate to the described task, but they must be declared and handled safely — they are not.
Persistence & Privilege
The skill is not marked always:true (good). But SKILL.md explicitly states 'Do not save local files', while scripts persist data to /tmp and to filtered files; this contradiction is important for privacy. The skill does not request permanent platform-wide privileges or modify other skills, but temporary file writes and sending tweet content + context to an external LLM provider are privacy-relevant actions that the user should consent to.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install twitter-ai-kol-fetcher
  3. After installation, invoke the skill by name or use /twitter-ai-kol-fetcher
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Version 1.0.1 - 新增 config.json 配置文件,支持用户以 JSON 格式填写 API Key。 - 优化项目结构,明确将 API Key 管理从脚本和代码中分离到 config.json 文件。 - SKILL.md 补充 config.json 配置方法和格式说明,方便用户初始化和部署。
v1.0.0
twitter-ai-kol-fetcher v1.0.0 - 全面升级抓取流程,扩展 KOL 数量至 82 个,覆盖更广 AI 领域。 - 新增话题聚类功能,合并相关推文,提升报告深度与代表性。 - 模型分离,采用低成本模型判定+高质量模型生成报告,有效控制日常运行成本。 - 支持并行生成多篇报告,交付速度大幅提升。 - 加入防漏抓兜底规则,确保捕捉重点用户、事件与高互动推文。 - 优化报告结构,聚焦核心要点、战略意义与多方观点,输出更专业的内参。
Metadata
Slug twitter-ai-kol-fetcher
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is twitter-ai-kol-fetcher?

抓取 Twitter AI 领域 KOL 最新动态、识别热门话题、生成专业内参。触发条件:"抓取 Twitter"、"AI 领域最新动态"、"每天 AI 动态"、"写内参"、"AI 内参"。 It is an AI Agent Skill for Claude Code / OpenClaw, with 323 downloads so far.

How do I install twitter-ai-kol-fetcher?

Run "/install twitter-ai-kol-fetcher" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is twitter-ai-kol-fetcher free?

Yes, twitter-ai-kol-fetcher is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does twitter-ai-kol-fetcher support?

twitter-ai-kol-fetcher is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created twitter-ai-kol-fetcher?

It is built and maintained by Ryder Sun (@ryder-mhumble); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments