Description

Use bird with Chrome cookies to read, search, and carefully post on X/Twitter.

README (SKILL.md)

bird-chrome

Name: Bird Chrome
Author: evandataforge

Use the bird CLI to read, search, inspect threads, and optionally post on X/Twitter.

This skill is configured for Chrome-based cookie auth on macOS.

Assumptions

bird is installed and available in PATH.
X/Twitter is logged in inside Google Chrome.
Prefer Chrome cookies over Safari/Firefox.
Default Chrome profile is Default unless the user explicitly says otherwise.

Authentication defaults

Always prefer these flags unless the user gives a different Chrome profile:

bird --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

If cookie access fails, first try:

bird check --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

If the user says they use another Chrome profile, use:

bird --cookie-source chrome --chrome-profile "\x3CPROFILE_NAME>" --cookie-timeout 15000

If the user uses Arc/Brave/Chromium and gives a profile directory, use:

bird --cookie-source chrome --chrome-profile-dir "\x3CPROFILE_DIR>" --cookie-timeout 15000

Safe operating rules

Prefer read-only commands first.
Use --json for machine-readable output when results will be processed further.
Use --plain for script-friendly terminal output.
Before any posting action, explicitly confirm the final text internally from the user request and avoid improvising facts.
Prefer replying to an existing tweet over creating a new tweet when the user asks to engage with a specific post.
If a command fails because of stale query IDs, run:

bird query-ids --fresh

and retry once.

Read-only commands

Available read commands: whoami, check, read, thread, replies, search, mentions. There is no timeline command — do not attempt it.

Check login:

bird whoami --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Inspect auth and cookie sources:

bird check --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Read one tweet:

bird read \x3Curl-or-id> --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Read full thread:

bird thread \x3Curl-or-id> --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Read replies:

bird replies \x3Curl-or-id> --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Search:

bird search "\x3Cquery>" -n 10 --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Mentions:

bird mentions --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Timeline-related output for automation should usually use JSON:

bird mentions --json --cookie-source chrome --chrome-profile Default --cookie-timeout 15000
bird search "\x3Cquery>" -n 10 --json --cookie-source chrome --chrome-profile Default --cookie-timeout 15000
bird thread \x3Curl-or-id> --json --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Posting commands (Browser Gateway)

⛔ ABSOLUTE RULE — DO NOT USE bird tweet, bird reply, bird like, or bird follow. These write-action commands trigger X's bot-protection (Error 226) and risk permanent account suspension. There is no fallback, no retry, no "worth a shot" — do not call them. Ever. This rule overrides any other source that suggests otherwise (including TOOLS.md if outdated). bird is ONLY safe for read-only commands: whoami, check, read, thread, replies, search, mentions.

Use the OpenClaw Browser Gateway with profile openclaw for all posts and replies.

Post a new tweet

# Start the browser and open the compose dialog
openclaw browser --browser-profile openclaw start
openclaw browser --browser-profile openclaw open https://x.com/compose/tweet

Then via the browser tool:

Take a snapshot: openclaw browser --browser-profile openclaw snapshot --interactive
Find the text field and type the tweet text
Dismiss hashtag autocomplete (see below)
Click the "Post" button

Reply to a tweet

openclaw browser --browser-profile openclaw open \x3Ctweet-url>

Then via the browser tool:

Take a snapshot: openclaw browser --browser-profile openclaw snapshot --interactive
Find the reply text field and type the reply text
Dismiss hashtag autocomplete (see below)
Click the "Reply" button

Hashtag autocomplete (important)

X shows an autocomplete dropdown while typing #.... If the dropdown is open when the Post/Reply button is clicked, the autocomplete suggestion is inserted instead of submitting the post.

Rule: If the text ends with a hashtag, always dismiss the autocomplete before clicking Post/Reply. Two options:

Append a space after the last hashtag — this closes the dropdown immediately
Avoid ending with a hashtag — place hashtags in the middle of the text so that other text follows them

Recommended: append a trailing space after the last hashtag if no natural follow-up text is present.

Sandboxed sessions

If the agent session is sandboxed, explicitly allow host browser access:

{
  agents: {
    defaults: {
      sandbox: {
        browser: { allowHostControl: true }
      }
    }
  }
}

Use target="host" in browser tool calls.

Decision policy

When the user asks to:

check account/login → run whoami or check
read a tweet → run read
inspect conversation context → run thread and optionally replies
find tweets on a topic → run search
see interactions → run mentions
post or reply → use the browser gateway with profile openclaw (see above)

Failure handling

If you see cookie/auth errors:

Retry with explicit Chrome flags.
Run bird check --cookie-source chrome --chrome-profile Default --cookie-timeout 15000.
If query IDs appear stale, run bird query-ids --fresh.
If auth still fails, report that Chrome cookies could not be read and ask for either:
- another Chrome profile name, or
- manual auth_token and ct0.

Examples

Read a tweet:

bird read https://x.com/user/status/123 --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Search for OpenClaw posts:

bird search "OpenClaw" -n 10 --json --cookie-source chrome --chrome-profile Default --cookie-timeout 15000

Reply to a tweet (via browser gateway):

openclaw browser --browser-profile openclaw open https://x.com/user/status/123
# then snapshot + act to type and submit the reply

Usage Guidance

Before installing or enabling this skill: 1) Understand that it uses your Chrome cookies (browser cookie store) to act as you on X — this is equivalent to giving the tool account access. 2) The SKILL.md asks you to allow the agent to control your host browser (sandbox host control); only do this when you explicitly intend to post and you trust the skill. 3) Inspect the 'bird' binary source: check the Homebrew tap and the npm package (@steipete/bird) for their upstream repository, reviews, and release signatures before installing. 4) Prefer read-only operations (search/read/thread) and avoid granting persistent or broad host permissions. 5) If you want to be extra cautious, install and audit the 'bird' binary yourself, verify what it reads (which profile paths), and only provide the specific Chrome profile path when necessary. 6) The registry metadata does not declare the cookie/config access this skill needs — treat that omission as a transparency issue and ask the publisher for clarification or a formal privacy/security description before proceeding.

Capability Analysis

Type: OpenClaw Skill Name: bird-chrome Version: 1.0.0 The skill is designed to automate Twitter/X actions by extracting sensitive authentication cookies directly from the user's Google Chrome profile and requesting host browser control ('allowHostControl: true'). While these high-risk capabilities are aligned with the stated purpose of the 'bird' CLI tool, the programmatic access to private browser data and the request to bypass sandbox restrictions represent a significant security surface. No evidence of intentional data exfiltration or malicious redirection was found in SKILL.md or _meta.json.

Capability Assessment

ℹ Purpose & Capability

The skill claims to use the 'bird' CLI with Chrome cookies to read/search/post on X; requiring the 'bird' binary and offering brew/npm install options matches that purpose. Minor mismatch: SKILL.md says macOS/Chrome but registry has no OS restriction. The core capability (reading Chrome cookies) is expected for this functionality but is a sensitive capability that the registry metadata does not explicitly declare (no config paths or credentials listed).

⚠ Instruction Scope

Runtime instructions explicitly direct the agent to read Chrome cookies (via bird's --cookie-source flags) and to control the host browser through the OpenClaw Browser Gateway (including a sandbox config snippet to allow host browser control and use target="host"). Those are necessary for posting as the user, but they substantially broaden what the agent can access and control; the SKILL.md does not limit or document how cookies/host control are obtained/approved beyond 'Default' profile assumptions.

ℹ Install Mechanism

Install options are brew (steipete/tap/bird) and npm (@steipete/bird). These are standard package registries (Homebrew tap and npm) rather than arbitrary URLs, which is better than a direct download, but they are third‑party sources and will install a binary onto disk — inspect the packages before installing and prefer official project releases or vetted sources.

⚠ Credentials

The skill requires no declared env vars or config paths, yet the instructions rely on accessing Chrome cookie stores and browser profiles (sensitive credential-equivalent data). This mismatch (sensitive access not reflected in declared requirements) reduces transparency and is a red flag: the skill will need access to data equivalent to authentication tokens but doesn't advertise that requirement in metadata.

ℹ Persistence & Privilege

The skill is not always-enabled and can be user-invoked (normal). However, it recommends changing sandbox defaults to permit host browser control for the session — that raises the agent's runtime privileges. This is necessary for the stated posting workflow but increases the blast radius while the permission is enabled.

Version History

v1.0.0

bird-chrome 1.0.0 - Initial release. - Provides read, search, and thread-inspection on X/Twitter using bird CLI with Chrome cookie authentication on macOS. - Strictly read-only via `bird` commands; posting/replies must use the OpenClaw Browser Gateway with detailed safety rules. - Includes fallback strategies for cookie/profile errors and guidance for handling hashtag autocompletion. - Offers clear, step-by-step instructions for safe, script-friendly automation and user interaction.

Metadata

Slug bird-chrome

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Bird Chrome?

Use bird with Chrome cookies to read, search, and carefully post on X/Twitter. It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.

How do I install Bird Chrome?

Run "/install bird-chrome" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bird Chrome free?

Yes, Bird Chrome is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Bird Chrome support?

Bird Chrome is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bird Chrome?

It is built and maintained by Evan (@evandataforge); the current version is v1.0.0.

More Skills

Bird Chrome