← Back to Skills Marketplace
Twitter Operations
by
millymilton
· GitHub ↗
· v1.0.0
3422
Downloads
0
Stars
15
Active Installs
1
Versions
Install in OpenClaw
/install twitter-operations
Description
Automate and manage Twitter/X accounts by posting, scheduling, replying, analyzing, tracking trends, managing followers, and handling media and analytics.
Usage Guidance
This skill's manifest looks functionally plausible for Twitter/X automation, but there are important gaps and mismatches you should resolve before installing: 1) Ask the author to provide a clear description and to update registry metadata to declare the required credentials (OAuth keys/tokens) and config paths explicitly. 2) Verify where credentials are stored and whether they are encrypted; prefer environment variables or a secure secrets store over plaintext files in your home directory. 3) Confirm how webhooks are used and whether any monitored content could be forwarded externally; never supply a webhook you do not control. 4) Request an install spec or vetted package instructions for the listed Python dependencies so you can review and control what is installed. 5) Be cautious with features that scrape data or perform bulk follow/unfollow/block operations — they can violate platform policies and enable abusive behavior. If you cannot verify the author or get these clarifications, test the skill in an isolated account and environment or do not install.
Capability Analysis
Type: OpenClaw Skill
Name: twitter-operations
Version: 1.0.0
The skill is classified as suspicious due to several high-risk capabilities, even though no explicit malicious intent is demonstrated in the provided files. Key indicators include the ability to 'scrape tweets and user profiles' and 'archive tweets and user data' (implying extensive data collection), the `python-dotenv` dependency (allowing access to environment variables), and the use of 'alert-webhook' in examples (demonstrating outbound network connections to arbitrary URLs, a potential exfiltration vector). Additionally, 'bulk operations' and local file writing for analytics (`~/twitter_stats.csv`) present further risks if misused.
Capability Assessment
Purpose & Capability
The skill manifest clearly targets Twitter/X automation (posting, streaming, OAuth auth, scraping, bulk follow/unfollow, archiving, multi-account management). However the registry metadata declares no required environment variables, no primary credential, and no config paths — yet the SKILL.md references OAuth auth, a credentials_file, cache/log/archive directories, and many API endpoints. That mismatch between declared requirements and the manifest is incoherent.
Instruction Scope
SKILL.md includes instructions and examples that imply writing persistent credential files (~/.openclaw/twitter_credentials.json), archiving and caching user data, scraping tweets and profiles, performing bulk operations, and sending alerts to external webhooks (example: https://hooks.example.com). Those behaviors involve reading/writing persistent storage and transmitting potentially large amounts of user data to third parties — scope that isn't described in the top-level metadata and could enable data exfiltration or abusive automation if misused.
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself. However the SKILL.md lists numerous Python dependencies (tweepy, requests-oauthlib, python-dotenv, pandas, beautifulsoup4, etc.) but provides no automated install instructions. That inconsistency can lead to runtime failures or ad-hoc installation of packages by the integrator; it is not direct code-execution risk from the registry, but it's an implementation gap that should be clarified.
Credentials
Although manifest metadata lists no required env vars or primary credential, the instructions explicitly expect OAuth credentials, reference storing credentials on disk, and suggest using environment variables or encrypted files. The skill also supports sending events to external webhooks — a channel that could carry sensitive data. Requesting no declared credentials while requiring them at runtime is disproportionate and a practical mismatch that raises security questions.
Persistence & Privilege
The skill will persist files under ~/.openclaw (credentials, cache, logs, archives) according to SKILL.md. It does not request always:true, nor system-wide config changes, but it does expect to create and read persistent files in the user's home directory. This is expected for an automation tool but should be explicit in declared config paths and documented encryption/permissions behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install twitter-operations - After installation, invoke the skill by name or use
/twitter-operations - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release with comprehensive Twitter automation.
Metadata
Frequently Asked Questions
What is Twitter Operations?
Automate and manage Twitter/X accounts by posting, scheduling, replying, analyzing, tracking trends, managing followers, and handling media and analytics. It is an AI Agent Skill for Claude Code / OpenClaw, with 3422 downloads so far.
How do I install Twitter Operations?
Run "/install twitter-operations" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Twitter Operations free?
Yes, Twitter Operations is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Twitter Operations support?
Twitter Operations is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Twitter Operations?
It is built and maintained by millymilton (@millymilton); the current version is v1.0.0.
More Skills