← Back to Skills Marketplace
X Tweet Fetcher
by
rightister
· GitHub ↗
· v1.4.0
· MIT-0
219
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install rightister-x-tweet-fetcher
Description
Fetch tweets, replies, and user timelines from X/Twitter without login or API keys. Also supports Chinese platforms (Weibo, Bilibili, CSDN, WeChat). Includes...
Usage Guidance
This skill largely does what it claims (scrapes X and some Chinese sites), but caution is warranted:
- Hidden/undeclared capabilities: The code can read environment variables (e.g., SOGOU_SSH_HOST, TWEET_GROWTH_*), write to local queue/result files, and perform scp/ssh to remote hosts. None of those env vars or config paths are declared in the SKILL.md/metadata. Treat those as surprising capabilities you should double-check before enabling.
- SSH/remote execution: If you set SOGOU_SSH_HOST (or use the 'via-ssh' feature), the skill will copy a script to that host and run it via ssh. Only point it at hosts you fully control/trust and understand that your SSH keys will be used for remote execution.
- Router queue files: The 'via-router' mode writes commands to and reads results from files (defaults to /root/router-agent/*). Do not enable that unless you know what service/process is on the other end; misconfigured paths could lead to unexpected file writes or interference with system services.
- Camofox dependency: The optional Camofox browser is described as an anti-detection tool; installing or running it increases risk and should be audited separately (it's a 3rd-party project outside OpenClaw). The skill assumes a local HTTP API at localhost:9377 — verify that endpoint before connecting it to this skill.
- Safe usage recommendations: run this skill in a sandbox/container or non-privileged account, review/grep the code for any operations you find unsafe (file paths, subprocess calls, scp/ssh), and avoid setting env vars like SOGOU_SSH_HOST unless necessary. If you plan to use the router/SSH features, inspect and control the remote host and any router-agent processes first. If you need full assurance, ask the publisher for the canonical upstream source and review it; if you can't verify the Camofox/Camoufox components, avoid enabling the browser-dependent features.
Capability Analysis
Type: OpenClaw Skill
Name: rightister-x-tweet-fetcher
Version: 1.4.0
The skill bundle provides extensive social media scraping capabilities but includes highly risky system-level interactions. Specifically, 'scripts/sogou_wechat.py' and 'scripts/fetch_china.py' contain functions to execute arbitrary commands on remote hosts via SSH ('sogou_wechat_search_via_ssh') and interact with a command queue located in a sensitive system path ('/root/router-agent/cmd-queue'). While these are documented as methods to bypass IP-based rate limits using home routers or proxies, they function as primitives for remote code execution (RCE) and lateral movement. The bundle also includes a background version checker ('scripts/version_check.py') that connects to GitHub.
Capability Assessment
Purpose & Capability
The skill's primary purpose (fetch tweets and Chinese-platform content) aligns with most included code (fetch_tweet.py, fetch_china.py, camofox_client.py). However, several capabilities in the codebase go beyond the documented/declared requirements: e.g., sogou_wechat supports 'via-router' (writing to router queue/result files) and 'via-ssh' (scp/ssh to a remote host). The metadata and SKILL.md declare no required env vars or config paths, yet the code reads environment variables (SOGOU_SSH_HOST, ROUTER_CMD_QUEUE/RESULT/OUTPUT, TWEET_GROWTH_* envvars) and uses absolute paths such as /root/router-agent/*. Those extras are not justified in the SKILL.md and are disproportionate to a simple tweet fetcher.
Instruction Scope
SKILL.md describes running Python scripts and optionally running Camofox on localhost. It does not document writing to local router queue/result files or using SSH to execute remote code. The code, however, will: write a curl command into a queue file, poll result/output files, spawn subprocesses, create temporary Python scripts, scp them to a remote SSH host and run them, and read/write local cache/data files under home (~/.tweet-growth, ~/.x-tweet-fetcher). Those file and subprocess operations are broader than the instructions suggest and can lead to surprising behavior or privilege use on the host.
Install Mechanism
No install spec in the skill bundle (instruction-only). The SKILL.md recommends installing a 3rd-party 'Camofox' project either via an OpenClaw plugin or git clone (GitHub). That is expected for a scraper that needs a browser render service; the skill itself contains Python code only and does not download arbitrary binary blobs. Still, using/launching an anti-detection browser (Camofox/Camoufox) is a higher-risk external dependency and the SKILL.md points users to third-party repos they should audit.
Credentials
metadata.json and SKILL.md declare no required environment variables, but code reads several env/config values: TWEET_GROWTH_DATA and TWEET_GROWTH_DISCOVER_CACHE (growth_config.py), SOGOU_SSH_HOST (sogou_wechat.py), and ROUTER_CMD_QUEUE / ROUTER_CMD_RESULT / ROUTER_CMD_OUTPUT defaults (sogou_wechat.py) among others. The SSH/router features are optional in code but can be enabled by environment variables; they require SSH access or control of local router agent files — powerful capabilities not disclosed in the skill's declared requirements.
Persistence & Privilege
The skill does not request 'always:true' and appears to be user-invocable only. It stores local caches and data under user home (e.g., ~/.tweet-growth, ~/.x-tweet-fetcher) which is reasonable. But the code also defaults to writing/reading files under absolute paths (/root/router-agent/...) when using the 'via-router' feature and will create temporary scripts and SCP/SSH them to remote hosts when 'via-ssh' is used. Those behaviors can modify system files or interact with remote systems and increase privilege/persistence risk beyond what the SKILL.md documents.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install rightister-x-tweet-fetcher - After installation, invoke the skill by name or use
/rightister-x-tweet-fetcher - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.0
**X-Tweet-Fetcher 1.4.0 adds X-Tracker for tweet growth monitoring and enhances docs.**
- Introduces the X-Tracker feature to monitor tweet growth and detect viral bursts (no dependencies required).
- Expands documentation with detailed usage, feature/command tables, and Camofox setup instructions.
- Updates support for Chinese platforms (Weibo, Bilibili, CSDN, WeChat).
- Adds `camofox_search()` for zero-cost Google search without API keys.
- Clarifies output formats and advanced options requiring Camofox.
Metadata
Frequently Asked Questions
What is X Tweet Fetcher?
Fetch tweets, replies, and user timelines from X/Twitter without login or API keys. Also supports Chinese platforms (Weibo, Bilibili, CSDN, WeChat). Includes... It is an AI Agent Skill for Claude Code / OpenClaw, with 219 downloads so far.
How do I install X Tweet Fetcher?
Run "/install rightister-x-tweet-fetcher" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is X Tweet Fetcher free?
Yes, X Tweet Fetcher is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does X Tweet Fetcher support?
X Tweet Fetcher is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created X Tweet Fetcher?
It is built and maintained by rightister (@rightister); the current version is v1.4.0.
More Skills