twitterapi-io

by dorukardahan · GitHub ↗ · v3.8.5 · MIT-0
cross-platform ⚠ suspicious
Downloads: 1147
Stars: 1
Active Installs: 0
Versions: 20
Install in OpenClaw
/install twitterapi-io
Description
Interact with Twitter/X via TwitterAPI.io — search tweets, get user info, post tweets, like, retweet, follow, send DMs, and more. Covers all 67 active endpoi...
Usage Guidance
This skill appears to implement what it claims (TwitterAPI.io endpoints) but the package metadata fails to declare the sensitive inputs it actually needs. Before installing:
  1. Confirm the registry/provider will require you to supply TWITTERAPI_IO_KEY (X-API-Key) and that this will be stored/used securely.
  2. Understand that write operations need login_cookies (session cookie from login) and a residential proxy (credentials), both of which are highly sensitive. Do not paste them into public chats or unsecured logs.
  3. Be cautious calling endpoints that send login_cookies in GET query params (they can end up in logs/URLs).
  4. Verify the skill author/source and prefer official Twitter/X APIs if you need long-running write access.
  5. Ask the publisher to update the skill metadata to list required env vars/primary credential and to document how secrets are expected to be provided so you can make an informed decision.
Capability Analysis
Type: OpenClaw Skill
Name: twitterapi-io
Version: 3.8.5
The skill bundle provides a comprehensive and well-documented interface for the TwitterAPI.io service, covering 67 endpoints for reading and writing Twitter data. While the skill handles highly sensitive information, including Twitter passwords, 2FA secrets, and session cookies, this behavior is strictly aligned with its stated purpose of facilitating account-based actions via an unofficial API. The documentation (SKILL.md and read-endpoints.md) proactively identifies and warns about security risks, such as the transmission of session cookies in GET parameters for DM history and a known backend bug in profile updates, which suggests transparency rather than malicious intent. No evidence of data exfiltration to unauthorized domains, malicious code execution, or prompt injection was found.
Capability Tags
crypto · can-make-purchases · requires-sensitive-credentials · posts-externally
Capability Assessment
Purpose & Capability
The skill's name/description (TwitterAPI.io integration) matches the SKILL.md content, but the registry metadata declares no required environment variables or primary credential while the SKILL.md repeatedly requires an X-API-Key ($TWITTERAPI_IO_KEY) and, for write actions, 'login_cookies' plus residential proxy credentials. That omission is an incoherence: a Twitter API skill should declare the API key and note additional sensitive inputs.
Instruction Scope
SKILL.md provides detailed curl examples and explicit instructions for read/write/login flows and warns about sending login_cookies in GET query params. It does not instruct the agent to read arbitrary host files, but it tells users to store the API key in a .env and to supply login_cookies and proxy credentials (sensitive). The guidance to avoid plain shell export is helpful, but the document exposes workflows that could leak secrets (login_cookies in URLs) and relies on the user to handle secrets correctly.
Install Mechanism
Instruction-only skill with no install spec and no code files: low risk from an installation-artifact perspective (nothing is downloaded or executed on disk).
Credentials
The skill requires at minimum TWITTERAPI_IO_KEY (X-API-Key) and—if performing writes—login_cookies and residential proxy credentials (including user:pass). None of these are declared in the registry metadata or listed as a primary credential. Requiring login cookies and proxy credentials is expected for this provider but is sensitive; the registry should declare these env/config requirements and the primary credential.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and has no install-time actions that modify other skills or system settings. Autonomous invocation is allowed (platform default) but nothing else elevates privilege.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install twitterapi-io
  3. After installation, invoke the skill by name or use /twitterapi-io
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.8.5
Remove duplicated monitored-users read reference
v3.8.4
Sync live OpenAPI write params
v3.8.3
Fix stale write header and sync version metadata
v3.8.1
Synced with latest GitHub: 67 endpoints, updated docs, error handling section
v3.8.0
Add 9 active OpenAPI endpoints and sync counts to 67
v3.7.2
Remove outdated 'not in OpenAPI' notes from tweet_timeline and tweets_timeline, correct total OpenAPI path count from 70 to 72
v3.7.1
Fix 8 documentation issues: endpoint counts, missing curl examples, param required flags, V1 auth notes, credential exposure warning
v3.7.0
Removed offline V3 endpoints (confirmed by provider). 58 active endpoints.
v3.6.0
Add 7 V3 endpoints (65 total): user_login_v3, send_tweet_v3, like_tweet_v3, retweet_v3, update_profile_v3, delete_my_x_account_v3, get_my_x_account_detail_v3
v3.5.4
fix 9 param mismatches from 3-auditor trust audit, revert fabricated fix
v3.5.3
fix: correct 6 param mismatches vs OpenAPI spec (quotes, user/search, send_dm, create/delete community, remove_user_monitor)
v3.5.2
fix avatar/banner to multipart upload, document update_profile_v2 backend bug
v3.5.1
fix: correct community endpoint param names (communityId → community_id), add missing query/queryType params to get_tweets_from_all_community
v3.5.0
Add 4 new endpoints: list/tweets, dm history, list add/remove member. Total 58 endpoints.
v3.4.2
fix: add includeReplies and includeParentTweet params to get_user_timeline
v3.4.1
fix: correct endpoint parameters (mentions, last_tweets, followers, followings) from live API docs audit
v3.4.0
Sync with MCP v1.1.6: add list_timeline + get_user_timeline, remove 7 deprecated V1 endpoints, 54 total endpoints
v3.2.0
Sync with docs.twitterapi.io: 59 endpoints confirmed, scraper fixes for method extraction
v3.1.0
v3.1: 59 endpoints, restructured references
v1.0.0
Initial publish
Metadata
Slug: twitterapi-io
Version: 3.8.5
License: MIT-0
All-time Installs: 1
Active Installs: 0
Total Versions: 20
Frequently Asked Questions

What is twitterapi-io?

Interact with Twitter/X via TwitterAPI.io — search tweets, get user info, post tweets, like, retweet, follow, send DMs, and more. Covers all 67 active endpoi... It is an AI Agent Skill for Claude Code / OpenClaw, with 1147 downloads so far.

How do I install twitterapi-io?

Run "/install twitterapi-io" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is twitterapi-io free?

Yes, twitterapi-io is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does twitterapi-io support?

twitterapi-io is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created twitterapi-io?

It is built and maintained by dorukardahan (@dorukardahan); the current version is v3.8.5.
