← Back to Skills Marketplace
2398
Downloads
0
Stars
12
Active Installs
1
Versions
Install in OpenClaw
/install mia-twitter-stealth
Description
Twitter/X automation with advanced stealth and anti-detection
Usage Guidance
This skill is internally inconsistent: the documentation asks for powerful Twitter session tokens and Playwright/Chromium and describes persistent, stealthy behavior, but the registry lists no required credentials, binaries, or install steps and provides no code. Before using it, ask the author for: (1) a clear install mechanism or published CLI/binary, (2) explicit declaration of required env vars in the registry, (3) details on where session files are stored and how they are protected, and (4) source code or a reputable release so you can audit it. Be aware that supplying X_AUTH_TOKEN/X_CT0 gives broad control of an account and that stealth/anti-detection features may violate Twitter/X terms of service. If you cannot verify the origin and code, do not provide tokens or install/run actions this skill describes.
Capability Analysis
Type: OpenClaw Skill
Name: mia-twitter-stealth
Version: 1.0.0
The skill is classified as suspicious due to its explicit requirement for highly sensitive credentials (`X_AUTH_TOKEN`, `X_CT0`) via environment variables, as detailed in `SKILL.md`. While these are plausibly needed for the stated purpose of Twitter automation, their handling represents a significant high-risk capability. Additionally, the skill advertises 'advanced stealth and anti-detection' features, which, while intended for evading Twitter's bot detection, contribute to an elevated risk profile without the ability to review the underlying code for safe handling of these capabilities and credentials. There is no direct evidence of prompt injection or intentional malicious behavior in the provided files.
Capability Assessment
Purpose & Capability
The SKILL.md describes a CLI-style tool (mia-twitter) and requires X_AUTH_TOKEN/X_CT0 and Playwright with Chromium, but the registry metadata declares no required env vars, no binaries, no install. An instruction-only skill that expects a local 'mia-twitter' CLI and Playwright runtime without providing install details or declaring required credentials is inconsistent and unexplained.
Instruction Scope
Instructions explicitly instruct session persistence (cookies, localStorage, user-data-dir), human-behavior simulation, and use of auth tokens. Those actions require filesystem and credential access and could enable long-lived access to an account; yet nothing in the manifest declares or limits that access. The SKILL.md also contains patterns consistent with prompt-injection (unicode-control-chars).
Install Mechanism
There is no install spec and no code files — the skill is purely instructions that assume the existence of a 'mia-twitter' CLI and Playwright/Chromium. That mismatch (instructions expecting runtime artifacts that are not provided or declared) is a red flag: either required software will be installed externally (not documented) or the skill is incomplete/misleading.
Credentials
The SKILL.md requests X_AUTH_TOKEN and X_CT0, which are session/authorization tokens capable of full account control on Twitter/X. Requesting such powerful secrets is proportionate for direct API/browser automation, but the registry did not declare a primary credential nor list these env vars — creating an unexplained gap and risk of secret misuse or accidental exposure.
Persistence & Privilege
The skill's behavior relies on persistent session data (cookies, localStorage, user-data-dir) to remain stealthy across runs. Although the skill is not forced always-on, its instructions encourage writing persistent artifacts to disk which can increase long-term risk (account takeover, stealthy automation). The manifest does not explain where or how those files are managed or protected.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mia-twitter-stealth - After installation, invoke the skill by name or use
/mia-twitter-stealth - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of mia-twitter-stealth, providing Twitter/X automation with advanced stealth and anti-detection features.
- Utilizes Playwright Stealth to mask automation fingerprints, including hiding navigator.webdriver and masking Chrome flags.
- Operates in headful mode by default to avoid headless detection.
- Simulates human behavior with random typing delays, mouse movements, natural scroll, and session persistence.
- Implements strict cooldown and rate limits: max 5 actions/hour, 50/day, and 2–5 minute delays for safer automation.
- Requires X_AUTH_TOKEN and X_CT0 environment variables, plus Playwright with Chromium.
Metadata
Frequently Asked Questions
What is Mia Twitter Stealth?
Twitter/X automation with advanced stealth and anti-detection. It is an AI Agent Skill for Claude Code / OpenClaw, with 2398 downloads so far.
How do I install Mia Twitter Stealth?
Run "/install mia-twitter-stealth" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Mia Twitter Stealth free?
Yes, Mia Twitter Stealth is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Mia Twitter Stealth support?
Mia Twitter Stealth is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Mia Twitter Stealth?
It is built and maintained by ArubikU (@arubiku); the current version is v1.0.0.
More Skills