parkertoddbrooks

Wip Xai X Private

by Parker Todd Brooks · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ⚠ suspicious
Downloads: 257
Stars: 0
Active Installs: 0
Versions: 2
Install in OpenClaw
/install wip-xai-x
Description
X Platform API. Read posts, search tweets, get bookmarks, post tweets, upload media.
Usage Guidance
This repo mostly does what it says (X API wrapper) but pay attention to three things before installing:
  1. Metadata mismatch: the registry claims no required env vars but the skill expects X_BEARER_TOKEN and/or the full OAuth 1.0a tokens (and optional X_OP_VAULT/X_OP_ITEM). Ask the publisher to declare these explicitly.
  2. auth.mjs runs the 1Password CLI via execSync to read secrets: that will execute a shell command in your environment to access vault items; if you prefer, provide credentials via environment variables instead and ensure the 'op' CLI isn't available or pointed at unrelated vaults.
  3. upload_media reads local files by path (readFileSync) and will upload their contents to X. Do not allow the skill to run in contexts where it can access sensitive files, and be cautious about allowing autonomous agent invocation of the MCP tools (an agent could call upload_media to exfiltrate files).
Recommended actions: review/verify the code yourself, ensure registry metadata is corrected, run the skill in a least-privileged environment, and avoid granting it access to secrets or sensitive filesystem paths unless you trust the author and have validated the code.
Capability Analysis
Type: OpenClaw Skill
Name: wip-xai-x
Version: 1.0.4
The skill bundle provides a legitimate interface for the X (Twitter) API but contains a shell injection vulnerability in auth.mjs. The opRead function uses execSync to call the 1Password CLI with unsanitized input from environment variables (X_OP_VAULT and X_OP_ITEM), which could allow arbitrary command execution if those variables are maliciously crafted. While the intent appears to be credential management, the implementation is insecure.
Capability Assessment
Purpose & Capability
The code and SKILL.md implement an X Platform API wrapper (read + write, search, bookmarks, media upload) which aligns with the name/description. However the registry metadata claims no required environment variables while SKILL.md and the code clearly expect X_BEARER_TOKEN / X_API_KEY / X_API_SECRET / X_ACCESS_TOKEN / X_ACCESS_TOKEN_SECRET (and optional X_OP_VAULT/X_OP_ITEM). That metadata mismatch is incoherent and should be corrected.
Instruction Scope
SKILL.md and auth.mjs instruct the agent to resolve credentials via environment variables or by invoking the 1Password CLI. The code uses child_process.execSync('op read ...') to pull fields from 1Password and uses readFileSync(file_path) to load files for upload. Reading secrets from 1Password and reading arbitrary local file paths (then uploading them to X) are within the stated feature set, but they are sensitive actions and expand the runtime scope beyond simple API calls.
Install Mechanism
This is instruction- and code-based (no download install spec). Package.json lists normal npm dependencies (@xdevplatform/xdk, @modelcontextprotocol/sdk). There is no remote archive download or obscure install URL. Risk from install mechanism itself is low.
Credentials
The credentials requested (bearer token and full OAuth 1.0a tokens) are appropriate for a Twitter/X wrapper. However the registry metadata does not declare these required env vars while SKILL.md and auth.mjs do, and auth.mjs also reads X_OP_VAULT/X_OP_ITEM (1Password configuration) not declared in metadata. The code also runs the 'op' CLI which will read secrets from the user's 1Password; lack of explicit declaration in the registry is a red flag for transparency.
Persistence & Privilege
The skill is not marked always:true and does not change other skills' configs. It exposes an MCP stdio server which registers tools the agent can call; combined with the ability to upload arbitrary local files, that creates an elevated exfiltration risk if the agent is allowed to invoke the skill autonomously. Autonomous invocation alone is normal but should be considered in light of the file-read + external upload capability.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wip-xai-x
  3. After installation, invoke the skill by name or use /wip-xai-x
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
# wip-xai-x v1.0.4
Two fixes for MCP server startup:
1. v1.0.3: Added @modelcontextprotocol/sdk to dependencies (was imported but not declared). Closes wipcomputer/wip-xai-x#3
2. v1.0.4: Fixed schema imports (ListToolsRequestSchema/CallToolRequestSchema instead of method literals). Closes wipcomputer/wip-xai-x#4
## Issues closed
- Closes #4
v1.0.3
# wip-xai-x v1.0.3
Fix: add @modelcontextprotocol/sdk to dependencies. MCP server was failing with ERR_MODULE_NOT_FOUND when deployed via ldm install.
## Issues closed
- Closes #3
Metadata
Slug wip-xai-x
Version 1.0.4
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Wip Xai X Private?

X Platform API. Read posts, search tweets, get bookmarks, post tweets, upload media. It is an AI Agent Skill for Claude Code / OpenClaw, with 257 downloads so far.

How do I install Wip Xai X Private?

Run "/install wip-xai-x" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Wip Xai X Private free?

Yes, Wip Xai X Private is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Wip Xai X Private support?

Wip Xai X Private is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Wip Xai X Private?

It is built and maintained by Parker Todd Brooks (@parkertoddbrooks); the current version is v1.0.4.
