← Back to Skills Marketplace
278
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install x-brand-operator
Description
Automate X/Twitter brand account tasks including posting, keyword engagement, scheduling, and reporting using xurl API with browser fallback and Telegram ale...
Usage Guidance
This skill intends to autonomously post and engage on X and to send Telegram alerts, but it does not declare any credentials or config locations. Before installing: (1) confirm where and how the xurl app config and Telegram bot token/target are provided and stored (metadata should declare required env vars or config paths); (2) verify you are comfortable with the skill using your browser 'user' profile (it may access logged-in sessions/cookies); (3) note it will write drafts to ~/Workspace/<brand>/... and read memory/social-log.json — check those paths and what data they contain; (4) test in a throwaway account/environment first to ensure behavior matches expectations; (5) ask the publisher for a clear credential/permission model (which env vars are required, how tokens are stored, whether Telegram uses a platform-provided 'message' tool or your own bot). These inconsistencies are not proof of malicious intent, but they are material and should be resolved before trusting the skill with real account credentials or enabling scheduled runs.
Capability Analysis
Type: OpenClaw Skill
Name: x-brand-operator
Version: 1.0.0
The skill bundle automates X/Twitter brand operations, including posting, keyword engagement, and reporting. It is classified as suspicious due to a high-risk vulnerability: the instructions in SKILL.md and references/cron-config.md direct the agent to use shell execution (exec) for the 'xurl' tool with arguments (tweets and replies) derived from AI-generated content. Because this content is based on untrusted external data (X search results), the skill is highly vulnerable to indirect prompt injection, which could lead to arbitrary command execution (RCE). No evidence of intentional malice, such as data exfiltration or backdoors, was found.
Capability Assessment
Purpose & Capability
The skill claims to automate X/Twitter posting using 'xurl' and to send Telegram alerts. However, the registry metadata declares no required env vars or primary credential. The runtime instructions repeatedly call 'xurl --app <app>' and 'Send Telegram (channel: telegram, to: <telegram_id>)', which implies the need for an xurl app config and Telegram bot credentials or integration details. It also instructs using a browser profile 'user' (access to logged-in session). These capabilities are consistent with the stated purpose, but the lack of declared credentials/config makes the packaging incoherent: a legitimate implementation would normally require and declare the app id/token and Telegram bot token/target.
Instruction Scope
SKILL.md instructs the agent to: use xurl for search/post/reply/like/follow; fall back to an automated browser session (profile: user) to post; write Substack drafts to ~/Workspace/<brand>/substack/draft-YYYY-MM-DD.md; and read 'memory/social-log.json' for weekly reports. These are cross-cutting actions (network calls to X and Telegram, browser automation using the user's profile, and arbitrary file reads/writes) that go beyond a narrow, read-only helper. The instructions also reference placeholders (<app>, <telegram_id>, <brand>, <url>) without explaining where their secrets/config are stored. Reading 'memory/social-log.json' may touch unrelated agent memory/config.
Install Mechanism
This is an instruction-only skill with no install spec or code to download. That reduces supply-chain risk (nothing is written to disk by an install step).
Credentials
The skill requests no required env vars in metadata, yet runtime steps clearly require credentials/config: an xurl app configuration and Telegram integration (bot token or channel config), and possibly access to browser profile cookies/sessions. It also assumes write access to the user's home directory. The absence of declared secrets or config paths is disproportionate to the skill's operational needs and creates uncertainty about where credentials are expected or how they will be provided/used.
Persistence & Privilege
The skill is not 'always: true' and uses cron-style scheduled prompts in references/cron-config.md, so it is designed for recurring autonomous runs (the platform's normal mode). Autonomous scheduling + posting privileges increase blast radius (it can post on the account when scheduled), but that is expected for a social-posting automation skill. No indication the skill modifies other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install x-brand-operator - After installation, invoke the skill by name or use
/x-brand-operator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Full X/Twitter brand automation — scheduled posting, keyword engagement, Substack drafts, weekly reports, xurl + browser fallback
Metadata
Frequently Asked Questions
What is X Brand Operator?
Automate X/Twitter brand account tasks including posting, keyword engagement, scheduling, and reporting using xurl API with browser fallback and Telegram ale... It is an AI Agent Skill for Claude Code / OpenClaw, with 278 downloads so far.
How do I install X Brand Operator?
Run "/install x-brand-operator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is X Brand Operator free?
Yes, X Brand Operator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does X Brand Operator support?
X Brand Operator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created X Brand Operator?
It is built and maintained by caoooqiii (@caoqi); the current version is v1.0.0.
More Skills