← Back to Skills Marketplace
bibaofeng

twitter-post-aisa

by bibaofeng · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
87
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install twitter-post-aisa
Description
Search, post, like, follow, and engage with Twitter/X content via AISA relay using OAuth-approved API actions with no password sharing.
Usage Guidance
Key points before installing or running this skill: - Trust the relay: All network calls (including media uploads and OAuth flows) go to https://api.aisa.one — verify you trust that service and its privacy/security practices before providing an AISA_API_KEY or uploading media. - Environment mismatch: The registry summary claims no required env vars/binaries, but SKILL.md and the Python scripts require python3 and AISA_API_KEY. Expect the skill to fail unless you export AISA_API_KEY; treat that value as a secret (Bearer token). - OAuth scope and approvals: The skill will request OAuth authorization to act on your behalf for posting/engagement. Carefully review the OAuth consent screens and granted scopes — revoke access if you see unexpected permissions. - Media handling: If you attach local images/videos, the skill will read the workspace file paths and upload them to the relay as multipart/form-data. Do not upload sensitive files you wouldn't want sent to the relay. - Source provenance: Owner and homepage are unknown/absent. If you need higher assurance, ask the publisher for source provenance (repo, maintainer contact) and confirm the relay operator (aisa.one) is legitimate. - Operational note: Because this skill can post/engage via OAuth, only grant it the minimum permissions you are comfortable with and prefer receiving an authorization URL (do not auto-open the browser) unless you explicitly want local browser flow. If you want help: I can extract the exact places the code reads env vars and the list of endpoints it calls, or draft questions to ask the publisher to improve provenance and metadata before you install.
Capability Analysis
Type: OpenClaw Skill Name: twitter-post-aisa Version: 1.0.1 The skill bundle provides a legitimate interface for interacting with Twitter/X via the AISA relay API (api.aisa.one). It includes scripts for reading data (twitter_client.py), performing engagement actions like following and liking (twitter_engagement_client.py), and handling OAuth-based posting with media support (twitter_oauth_client.py). The code uses standard Python libraries, lacks obfuscation, and explicitly avoids sensitive local data like browser cookies or passwords, relying instead on a provided AISA_API_KEY. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentialsposts-externally
Capability Assessment
Purpose & Capability
The name, description, SKILL.md, and included Python clients consistently implement read, OAuth posting, and engagement actions against a relay at api.aisa.one — this is coherent with the stated purpose. However, the registry-level metadata provided earlier (which claimed no required env vars or binaries) contradicts SKILL.md and the code that require python3 and AISA_API_KEY; that mismatch is an incoherence.
Instruction Scope
SKILL.md and the reference docs specify only the expected actions: read, search, request OAuth authorization, publish, and engagement. The runtime instructions explicitly require AISA_API_KEY, use the included scripts, and instruct using local workspace media paths; they do not instruct reading arbitrary local files, cookies, or unrelated secrets.
Install Mechanism
There is no install spec (instruction-only release with bundled scripts). No external downloads or installers are executed by the skill itself. The risk is limited to shipping and running the included Python scripts locally.
Credentials
The Python code and SKILL.md expect AISA_API_KEY and python3 (SKILL.md declares primaryEnv: AISA_API_KEY), but the registry summary at the top claims no required env vars or primary credential — this mismatch is unexplained. Aside from AISA_API_KEY, the code does not request extra unrelated credentials. Note: AISA_API_KEY is a bearer secret for the relay and should be treated as sensitive.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or modify other skill configs. It may open a local browser optionally during OAuth (explicit option), but otherwise relies on returning authorization links and the relay. Autonomous invocation is permitted (platform default) but not combined with always: true.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install twitter-post-aisa
  3. After installation, invoke the skill by name or use /twitter-post-aisa
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Updated metadata in SKILL.md for clarity and compliance, including author, user-invocable flag, and file lists. - Reorganized project structure: all runtime scripts and documentation references moved into scripts/ and references/ directories. - Dropped non-runtime and metadata files; kept only executable and reference components needed for operation. - No changes to core Python client code or Twitter/X API logic.
v1.0.0
- Initial release enabling Twitter/X search, posting, likes, follows, and related engagement via the AISA relay. - Supports both read-only and OAuth-authorized write/engage actions without requiring passwords or cookies. - Includes Python clients for search, posting, and engagement workflows. - All API calls route securely through `api.aisa.one` using the required `AISA_API_KEY` environment variable. - Designed for safe use in OpenClaw environments with bundled runtime scripts and clear security boundaries.
Metadata
Slug twitter-post-aisa
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is twitter-post-aisa?

Search, post, like, follow, and engage with Twitter/X content via AISA relay using OAuth-approved API actions with no password sharing. It is an AI Agent Skill for Claude Code / OpenClaw, with 87 downloads so far.

How do I install twitter-post-aisa?

Run "/install twitter-post-aisa" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is twitter-post-aisa free?

Yes, twitter-post-aisa is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does twitter-post-aisa support?

twitter-post-aisa is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created twitter-post-aisa?

It is built and maintained by bibaofeng (@bibaofeng); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments