← Back to Skills Marketplace
83
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install twitter-automation-suite
Description
Twitter/X 自动化运营套件。自动发推、监控关键词、批量回复、AI 生成推文内容。适合社交媒体运营、账号增长、竞品监控。
Usage Guidance
Proceed with caution. The post.js script does perform browser automation and needs your Twitter username/password in a .env — only use these credentials if you absolutely trust the source and prefer browser-driven automation over OAuth/API tokens. The package advertises monitoring/reply/analysis features but the corresponding scripts are missing; this indicates the package is incomplete or poorly maintained. Before installing: (1) prefer OAuth/API tokens (twitter-api) or app-specific credentials instead of your primary password; (2) inspect any missing scripts if the publisher supplies updates — they could change behavior; (3) run in an isolated environment or throwaway account if you want to test; (4) verify the package author and repository (there's no homepage/source) and ask the publisher why metadata doesn't declare required env vars and why some dependencies and scripts are unused. If you are unsure, do not supply primary account credentials.
Capability Analysis
Type: OpenClaw Skill
Name: twitter-automation-suite
Version: 1.0.0
The bundle provides Twitter automation via Puppeteer but contains high-risk patterns and potential vulnerabilities. It requires users to store plaintext credentials (including passwords) in a .env file and executes Puppeteer with the --no-sandbox flag in scripts/post.js, which bypasses critical browser security layers. Furthermore, index.js passes unsanitized command-line arguments directly to child_process.spawn, creating a potential argument injection vulnerability. While no explicit data exfiltration or malicious intent was detected, the handling of sensitive credentials and insecure execution patterns warrant caution.
Capability Assessment
Purpose & Capability
Name/description (Twitter automation) aligns with the provided post.js which uses puppeteer to log in and post. However package.json and SKILL.md list additional dependencies (playwright, twitter-api-v2, node-cron, OpenAI) and commands (monitor, reply, analyze) whose implementation files are missing. Registry metadata declares no required env vars while SKILL.md asks for TWITTER_USERNAME/PASSWORD/EMAIL and optional OPENAI_API_KEY. These mismatches suggest sloppy packaging or incomplete/changed code.
Instruction Scope
SKILL.md instructs installing several packages and storing account credentials in a .env; index.js enforces a .env file and spawns scripts. The post flow (post.js) reads TWITTER_USERNAME/PASSWORD/EMAIL via dotenv and automates browser login — coherent for browser-based automation. But SKILL.md promises monitoring, auto-reply and analysis features; index.js references monitor.js/auto-reply/analyze scripts that are not present in the bundle, so the instructions overpromise and the runtime behavior could differ if those files are added later.
Install Mechanism
There is no formal install spec; SKILL.md asks users to run npm install for listed packages. Dependencies are typical for browser automation (puppeteer, dotenv) though twitter-api-v2 and playwright are present but unused in the included code. No external URL downloads or archives are used. Installing heavy packages like puppeteer is expected but increases attack surface if packages are malicious or compromised.
Credentials
The skill requires direct Twitter credentials (username/password/email) per SKILL.md and post.js, but the registry metadata does not declare any required env vars — an incoherence. Requesting account credentials is proportionate to a puppeteer-based login approach but is sensitive: storing plaintext account passwords in .env and giving them to third-party code is risky. SKILL.md also asks for an OPENAI_API_KEY which is not used by the included scripts, another unexplained requested secret.
Persistence & Privilege
always is false and disable-model-invocation is default; the skill does not request elevated platform privileges. It spawns child processes and launches a browser (puppeteer) which is expected for this functionality but increases local resource usage. The bundle does not attempt to modify other skills or system-wide agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install twitter-automation-suite - After installation, invoke the skill by name or use
/twitter-automation-suite - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Twitter/X 自动化运营套件首发上线。
- 支持自动发推(文字、图片、线程)、定时与批量发布
- 提供关键词/hashtag 监控与实时推文通知
- 实现关键词触发的自动回复,支持 AI 生成和多模板管理
- 包含账号分析:粉丝增长、互动数据和热门内容统计
- 提供详细的命令说明与安全建议
- 支持与 cron 搭配实现定时发推
Metadata
Frequently Asked Questions
What is Twitter Automation Suite?
Twitter/X 自动化运营套件。自动发推、监控关键词、批量回复、AI 生成推文内容。适合社交媒体运营、账号增长、竞品监控。 It is an AI Agent Skill for Claude Code / OpenClaw, with 83 downloads so far.
How do I install Twitter Automation Suite?
Run "/install twitter-automation-suite" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Twitter Automation Suite free?
Yes, Twitter Automation Suite is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Twitter Automation Suite support?
Twitter Automation Suite is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Twitter Automation Suite?
It is built and maintained by CJstate (@cjstate); the current version is v1.0.0.
More Skills