Description

Posts content and articles to X (Twitter). Custom fork with image upload fix: DOM.setFileInputFiles first, path leak cleanup, post-publish verification. Use...

README (SKILL.md)

\r \r

Post to X (Twitter)\r

Name: Post to X Enhanced
Author: praguepp

\r Posts text, images, videos, and long-form articles to X via real Chrome browser (bypasses anti-bot detection).\r \r

Script Directory\r

\r Important: All scripts are located in the scripts/ subdirectory of this skill.\r \r Agent Execution Instructions:\r

Determine this SKILL.md file's directory path as {baseDir}\r
Script path = {baseDir}/scripts/\x3Cscript-name>.ts\r
Replace all {baseDir} in this document with the actual path\r
Resolve ${BUN_X} runtime: if bun installed → bun; if npx available → npx -y bun; else suggest installing bun\r \r Script Reference:\r | Script | Purpose |\r |--------|---------|\r | scripts/x-browser.ts | Regular posts (text + images) |\r | scripts/x-video.ts | Video posts (text + video) |\r | scripts/x-quote.ts | Quote tweet with comment |\r | scripts/x-article.ts | Long-form article publishing (Markdown) |\r | scripts/md-to-html.ts | Markdown → HTML conversion |\r | scripts/copy-to-clipboard.ts | Copy content to clipboard |\r | scripts/paste-from-clipboard.ts | Send real paste keystroke |\r | scripts/check-paste-permissions.ts | Verify environment & permissions |\r \r

Preferences (EXTEND.md)\r

\r Check EXTEND.md existence (priority order):\r \r

# macOS, Linux, WSL, Git Bash\r
test -f .baoyu-skills/baoyu-post-to-x/EXTEND.md && echo "project"\r
test -f "${XDG_CONFIG_HOME:-$HOME/.config}/baoyu-skills/baoyu-post-to-x/EXTEND.md" && echo "xdg"\r
test -f "$HOME/.baoyu-skills/baoyu-post-to-x/EXTEND.md" && echo "user"\r
```\r
\r
```powershell\r
# PowerShell (Windows)\r
if (Test-Path .baoyu-skills/baoyu-post-to-x/EXTEND.md) { "project" }\r
$xdg = if ($env:XDG_CONFIG_HOME) { $env:XDG_CONFIG_HOME } else { "$HOME/.config" }\r
if (Test-Path "$xdg/baoyu-skills/baoyu-post-to-x/EXTEND.md") { "xdg" }\r
if (Test-Path "$HOME/.baoyu-skills/baoyu-post-to-x/EXTEND.md") { "user" }\r
```\r
\r
┌──────────────────────────────────────────────────┬───────────────────┐\r
│                       Path                       │     Location      │\r
├──────────────────────────────────────────────────┼───────────────────┤\r
│ .baoyu-skills/baoyu-post-to-x/EXTEND.md          │ Project directory │\r
├──────────────────────────────────────────────────┼───────────────────┤\r
│ $HOME/.baoyu-skills/baoyu-post-to-x/EXTEND.md    │ User home         │\r
└──────────────────────────────────────────────────┴───────────────────┘\r
\r
┌───────────┬───────────────────────────────────────────────────────────────────────────┐\r
│  Result   │                                  Action                                   │\r
├───────────┼───────────────────────────────────────────────────────────────────────────┤\r
│ Found     │ Read, parse, apply settings                                               │\r
├───────────┼───────────────────────────────────────────────────────────────────────────┤\r
│ Not found │ Use defaults                                                              │\r
└───────────┴───────────────────────────────────────────────────────────────────────────┘\r
\r
**EXTEND.md Supports**: Default Chrome profile\r
\r
## Prerequisites\r
\r
- Google Chrome or Chromium\r
- `bun` runtime\r
- First run: log in to X manually (session saved)\r
\r
## Pre-flight Check (Optional)\r
\r
Before first use, suggest running the environment check. User can skip if they prefer.\r
\r
```bash\r
${BUN_X} {baseDir}/scripts/check-paste-permissions.ts\r
```\r
\r
Checks: Chrome, profile isolation, Bun, Accessibility, clipboard, paste keystroke, Chrome conflicts.\r
\r
**If any check fails**, provide fix guidance per item:\r
\r
| Check | Fix |\r
|-------|-----|\r
| Chrome | Install Chrome or set `X_BROWSER_CHROME_PATH` env var |\r
| Profile dir | Shared profile at `baoyu-skills/chrome-profile` (see CLAUDE.md Chrome Profile section) |\r
| Bun runtime | `brew install oven-sh/bun/bun` (macOS) or `npm install -g bun` |\r
| Accessibility (macOS) | System Settings → Privacy & Security → Accessibility → enable terminal app |\r
| Clipboard copy | Ensure Swift/AppKit available (macOS Xcode CLI tools: `xcode-select --install`) |\r
| Paste keystroke (macOS) | Same as Accessibility fix above |\r
| Paste keystroke (Linux) | Install `xdotool` (X11) or `ydotool` (Wayland) |\r
\r
## References\r
\r
- **Regular Posts**: See `references/regular-posts.md` for manual workflow, troubleshooting, and technical details\r
- **X Articles**: See `references/articles.md` for long-form article publishing guide\r
\r
---\r
\r
## Post Type Selection\r
\r
Unless the user explicitly specifies the post type:\r
- **Plain text** + within 10,000 characters → **Regular Post** (Premium members support up to 10,000 characters, non-Premium: 280)\r
- **Markdown file** (.md) → **X Article**\r
\r
## Regular Posts\r
\r
```bash\r
${BUN_X} {baseDir}/scripts/x-browser.ts "Hello!" --image ./photo.png\r
```\r
\r
**Parameters**:\r
| Parameter | Description |\r
|-----------|-------------|\r
| `\x3Ctext>` | Post content (positional) |\r
| `--image \x3Cpath>` | Image file (repeatable, max 4) |\r
| `--profile \x3Cdir>` | Custom Chrome profile |\r
\r
**Note**: Script opens browser with content filled in. User reviews and publishes manually.\r
\r
---\r
\r
## Video Posts\r
\r
Text + video file.\r
\r
```bash\r
${BUN_X} {baseDir}/scripts/x-video.ts "Check this out!" --video ./clip.mp4\r
```\r
\r
**Parameters**:\r
| Parameter | Description |\r
|-----------|-------------|\r
| `\x3Ctext>` | Post content (positional) |\r
| `--video \x3Cpath>` | Video file (MP4, MOV, WebM) |\r
| `--profile \x3Cdir>` | Custom Chrome profile |\r
\r
**Note**: Script opens browser with content filled in. User reviews and publishes manually.\r
\r
**Limits**: Regular 140s max, Premium 60min. Processing: 30-60s.\r
\r
---\r
\r
## Quote Tweets\r
\r
Quote an existing tweet with comment.\r
\r
```bash\r
${BUN_X} {baseDir}/scripts/x-quote.ts https://x.com/user/status/123 "Great insight!"\r
```\r
\r
**Parameters**:\r
| Parameter | Description |\r
|-----------|-------------|\r
| `\x3Ctweet-url>` | URL to quote (positional) |\r
| `\x3Ccomment>` | Comment text (positional, optional) |\r
| `--profile \x3Cdir>` | Custom Chrome profile |\r
\r
**Note**: Script opens browser with content filled in. User reviews and publishes manually.\r
\r
---\r
\r
## X Articles\r
\r
Long-form Markdown articles (requires X Premium).\r
\r
```bash\r
${BUN_X} {baseDir}/scripts/x-article.ts article.md\r
${BUN_X} {baseDir}/scripts/x-article.ts article.md --cover ./cover.jpg\r
```\r
\r
**Parameters**:\r
| Parameter | Description |\r
|-----------|-------------|\r
| `\x3Cmarkdown>` | Markdown file (positional) |\r
| `--cover \x3Cpath>` | Cover image |\r
| `--title \x3Ctext>` | Override title |\r
\r
**Frontmatter**: `title`, `cover_image` supported in YAML front matter.\r
\r
**Note**: Script opens browser with article filled in. User reviews and publishes manually.\r
\r
**Post-Composition Check**: The script automatically verifies after all images are inserted:\r
- Remaining `XIMGPH_` placeholders in editor content\r
- Expected vs actual image count\r
\r
If the check fails (warnings in output), alert the user with the specific issues before they publish.\r
\r
---\r
\r
## Troubleshooting\r
\r
### Chrome debug port not ready\r
\r
If a script fails with `Chrome debug port not ready` or `Unable to connect`, kill existing Chrome CDP instances first, then retry:\r
\r
```bash\r
pkill -f "Chrome.*remote-debugging-port" 2>/dev/null; pkill -f "Chromium.*remote-debugging-port" 2>/dev/null; sleep 2\r
```\r
\r
**Important**: This should be done automatically — when encountering this error, kill Chrome CDP instances and retry the command without asking the user.\r
\r
## Notes\r
\r
- First run: manual login required (session persists)\r
- All scripts only fill content into the browser, user must review and publish manually\r
- Cross-platform: macOS, Linux, Windows\r
\r
## Extension Support\r
\r
Custom configurations via EXTEND.md. See **Preferences** section for paths and supported options.\r

Usage Guidance

What this skill will do if you install/run it: it will launch a real Chrome instance, create/use a Chrome profile directory (can create files under your home/config), copy images or HTML into the system clipboard, and send real paste keystrokes (osascript / xdotool / PowerShell) which requires granting Accessibility/clipboard permissions on macOS/other OS-level abilities on Linux/Windows. It does download remote images over HTTPS when publishing articles. It does not ask for API keys or cloud credentials. Before installing: (1) confirm you trust the skill source (the README links to a GitHub repo), (2) prefer using an isolated Chrome profile (the skill supports creating one) rather than your main browser profile, (3) review/approve Accessibility permission prompts and understand that clipboard contents will be overwritten during operations, and (4) run the provided pre-flight check script (check-paste-permissions.ts) first. If you are concerned about local automation or data exposure, run the skill in a VM/container or inspect the scripts yourself — the code is bundled and readable in this package.

Capability Analysis

Type: OpenClaw Skill Name: baoyu-post-to-x-enhanced Version: 3.0.0 The bundle provides a sophisticated automation suite for posting to X (Twitter) by controlling a Chrome browser via the Chrome DevTools Protocol (CDP). To bypass anti-bot detection, it employs several high-risk techniques, including simulating system-level keystrokes using `osascript` (macOS) and PowerShell (Windows) in `paste-from-clipboard.ts`, and directly manipulating the system clipboard via on-the-fly compiled Swift code in `copy-to-clipboard.ts`. The scripts (e.g., `x-browser.ts`, `x-article.ts`) manage persistent Chrome profiles and access session cookies for verification. While these capabilities are aligned with the stated purpose of reliable automated publishing, the use of system-level automation, clipboard manipulation, and the ability to read local files based on path detection represent significant security risks. No evidence of intentional malice or data exfiltration was found.

Capability Tags

cryptoposts-externally

Capability Assessment

✓ Purpose & Capability

Name/description (posting to X via Chrome CDP) align with the included scripts. Required runtimes (bun or npx), Chrome, and OS automation tooling (osascript/swift/xdotool/ydotool) are reasonable and expected for a browser-automation posting tool.

ℹ Instruction Scope

SKILL.md instructs the agent to run TypeScript scripts from the skill folder which will launch Chrome, manipulate the DOM via CDP, copy/paste to the system clipboard, and may download remote images (HTTPS only). The runtime instructions explicitly require Accessibility permissions (macOS) and will create/use a persistent Chrome profile directory. These actions are within the scope of publishing to X but do involve system-level automation (clipboard, keystrokes, profile directories) that users should be aware of.

✓ Install Mechanism

This is instruction-only (no installer). All code is bundled with the skill; there are no downloads from unknown servers during install. The package uses local Node/Bun execution and bundled vendor code, so install risk is low.

ℹ Credentials

The skill does not request secrets or cloud credentials. It does rely on many local tools (swift, osascript, xdotool/ydotool, pgrep/ps) and will read/write Chrome profile directories (and checks for DevToolsActivePort in user Chrome dirs). Access to the Chrome profile filesystem and the system clipboard is proportionate to the functionality but is sensitive — using an isolated profile is recommended.

✓ Persistence & Privilege

always:false and default model invocation are used. The skill launches Chrome with detached:true (so Chrome can outlive the parent process) and creates/uses a profile directory under user data; this is expected for persistent login but not an elevated platform privilege beyond normal file creation and launching processes.

Version History

v3.0.0

Version 3.0.0 - Added README.md, clawhub.json, and skill.json for improved documentation and integration. - Updated SKILL.md with clarified instructions and minor corrections. - Modified scripts in scripts/ for bug fixes and usability improvements. - Removed scripts/package-lock.json for streamlined dependency management.

v2.0.0

**Major update with improved image upload reliability, path handling, and post verification.** - Fixed image upload: uses DOM.setFileInputFiles first for better success on X (Twitter). - Improved privacy: cleaned up potential file path leaks during posting. - Added post-publish verification to warn if images or placeholders are missing before publishing. - Enhanced troubleshooting: automatically kills conflicting Chrome debug instances and retries on failure. - Updated documentation with clearer instructions, script directory structure, environment checks, and configuration locations.

Metadata

Slug baoyu-post-to-x-enhanced

Version 3.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Post to X Enhanced?

Posts content and articles to X (Twitter). Custom fork with image upload fix: DOM.setFileInputFiles first, path leak cleanup, post-publish verification. Use... It is an AI Agent Skill for Claude Code / OpenClaw, with 113 downloads so far.

How do I install Post to X Enhanced?

Run "/install baoyu-post-to-x-enhanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Post to X Enhanced free?

Yes, Post to X Enhanced is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Post to X Enhanced support?

Post to X Enhanced is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Post to X Enhanced?

It is built and maintained by praguepp (@praguepp); the current version is v3.0.0.

More Skills

Post to X Enhanced