← 返回 Skills 市场
Auto Tweet Publish
作者
chatgptnexus
· GitHub ↗
· v1.0.0
· MIT-0
105
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install auto-tweet
功能描述
Post, search, like, retweet, bookmark, and manage a Twitter/X account via a local twikit-based API server on port 19816. Use when the user asks to tweet, sea...
使用说明 (SKILL.md)
Auto-Tweet Agent — OpenClaw Skill
Safe, open-source Twitter/X automation via twikit. Replaces openclaw-x with fully auditable Python code.
Overview
This skill lets you control a Twitter/X account through natural language.
The local API runs on http://localhost:19816 and wraps the open-source
twikit library (4.1K+ ⭐, MIT license).
No closed-source binaries. No cookie theft risk. Fully transparent.
Prerequisites
The Auto-Tweet server must be running:
cd ~/.openclaw/skills/auto-tweet
python main.py
Available Actions
Post a tweet
curl -X POST http://localhost:19816/tweet \
-H "Content-Type: application/json" \
-d '{"text": "Hello from OpenClaw!"}'
Post a tweet with media
curl -X POST http://localhost:19816/tweet \
-H "Content-Type: application/json" \
-d '{"text": "Check this out!", "media_paths": ["/path/to/image.jpg"]}'
Reply to a tweet
curl -X POST http://localhost:19816/tweet \
-H "Content-Type: application/json" \
-d '{"text": "Great point!", "reply_to": "TWEET_ID"}'
Quote tweet
curl -X POST http://localhost:19816/tweet \
-H "Content-Type: application/json" \
-d '{"text": "This is amazing!", "quote_url": "https://x.com/user/status/TWEET_ID"}'
Search tweets
curl "http://localhost:19816/search?q=AI+Agent&type=Latest&count=10"
Search users
curl "http://localhost:19816/search/users?q=openai&count=5"
Get timeline (For You)
curl "http://localhost:19816/timeline?count=20"
Get timeline (Following)
curl "http://localhost:19816/timeline/following?count=20"
Like a tweet
curl -X POST http://localhost:19816/like \
-H "Content-Type: application/json" \
-d '{"tweet_id": "TWEET_ID"}'
Unlike a tweet
curl -X POST http://localhost:19816/unlike \
-H "Content-Type: application/json" \
-d '{"tweet_id": "TWEET_ID"}'
Retweet
curl -X POST http://localhost:19816/retweet \
-H "Content-Type: application/json" \
-d '{"tweet_id": "TWEET_ID"}'
Undo retweet
curl -X POST http://localhost:19816/unretweet \
-H "Content-Type: application/json" \
-d '{"tweet_id": "TWEET_ID"}'
Bookmark a tweet
curl -X POST http://localhost:19816/bookmark \
-H "Content-Type: application/json" \
-d '{"tweet_id": "TWEET_ID"}'
Get bookmarks
curl "http://localhost:19816/bookmarks?count=20"
Get user profile
curl "http://localhost:19816/user/elonmusk"
Get user tweets
curl "http://localhost:19816/user/elonmusk/tweets?type=Tweets&count=10"
Get a specific tweet
curl "http://localhost:19816/tweet/TWEET_ID"
Delete a tweet
curl -X DELETE "http://localhost:19816/tweet/TWEET_ID"
Get trending topics
curl "http://localhost:19816/trends?category=trending"
Send a DM
curl -X POST http://localhost:19816/dm \
-H "Content-Type: application/json" \
-d '{"user_id": "USER_ID", "text": "Hello!"}'
Follow / Unfollow
curl -X POST "http://localhost:19816/follow/USER_ID"
curl -X POST "http://localhost:19816/unfollow/USER_ID"
Get notifications
curl "http://localhost:19816/notifications?type=Mentions&count=20"
Schedule a tweet
curl -X POST http://localhost:19816/schedule \
-H "Content-Type: application/json" \
-d '{"text": "Scheduled tweet!", "scheduled_at": 1735689600}'
Check rate limits
curl "http://localhost:19816/rate_limits"
Health check
curl "http://localhost:19816/"
Rate Limits (Built-in Safety)
| Limit | Default | Purpose |
|---|---|---|
| API calls/hour | 30 | Prevent hourly burst |
| API calls/day | 200 | Match normal usage |
| Tweets/day | 20 | Conservative posting |
All limits are configurable in config.json.
Error Handling
All endpoints return standard HTTP status codes:
200— Success400— Bad request (invalid parameters)401— Session expired (restart server)403— Account issue (suspended/locked)409— Duplicate tweet429— Rate limit exceeded500— Twitter API error
Security Notes
- Server binds to
127.0.0.1only (localhost) — no external access - Credentials stay in local
config.json - Cookies saved locally in
cookies.json - All code is open-source Python — fully auditable
- No telemetry, no external callbacks
- Rate limiter protects against accidental overuse
安全使用建议
This skill appears to implement exactly what it claims — a local, auditable twikit-based controller for an X account — but if you plan to install/run it please consider the following before proceeding:
- Credentials: The program expects a config.json containing your username, password (and optionally TOTP secret). Those are stored on disk in the skill directory; ensure file permissions are tight (owner-only) and avoid storing high-value or primary-account credentials if you are unsure.
- Cookies: Cookies are saved locally (cookies.json). Protect that file similarly because it can grant session access.
- Review code & dependencies: The code is included, so inspect it or run it in a sandbox/container. Verify third-party packages (twikit, fastapi, uvicorn, pydantic). Note the curl_cffi-based shim (curl_httpx_shim.py) uses TLS impersonation to avoid Cloudflare 403; this is consistent with its goal but is a network-layer workaround — if you have policies against TLS impersonation libraries, review or omit the shim.
- Least privilege: Run the server as a non-privileged user and avoid running as root. Bind to localhost only (the code already does), and consider firewall rules if needed.
- Operational caution: Rate limiting is implemented, but still double-check scheduled/automated actions before enabling to avoid accidental posting from a compromised environment.
If you are not comfortable storing credentials on disk or cannot review the code, consider using a vetted, official client or running this in an isolated environment. Otherwise the skill is internally coherent and behaves as described.
功能分析
Type: OpenClaw Skill
Name: auto-tweet-publish
Version: 1.0.0
The skill provides extensive Twitter/X automation capabilities (posting, DMs, following, media uploads) by wrapping the twikit library and using a custom shim (curl_httpx_shim.py) to bypass Cloudflare bot detection. It is classified as suspicious because it requires users to store sensitive credentials, including plain-text passwords and TOTP secrets, in a local config.json file. Additionally, the API endpoints in main.py allow the agent to upload arbitrary local files to Twitter and perform broad account actions, which could be exploited for data exfiltration or unauthorized social engineering if the agent is compromised via prompt injection.
能力评估
Purpose & Capability
The name/description match the actual code and SKILL.md: a local FastAPI server that uses the open-source twikit library to control an X account. Credentials are stored in a local config.json (username/password/cookies), which is coherent with the stated design.
Instruction Scope
Instructions stay within the declared purpose (start the local server, curl localhost endpoints). They do instruct the user to store username/password and optional TOTP in config.json and to save cookies.json locally — this is necessary for login but is a local sensitive-data handling decision the user should be aware of.
Install Mechanism
This is an instruction-only skill with bundled Python source and a requirements.txt for pip dependencies (twikit, fastapi, uvicorn, pydantic). There is no install spec that writes arbitrary binaries. One minor inconsistency: curl_httpx_shim.py imports curl_cffi but curl_cffi is not listed in requirements.txt; the shim is optional (main.py falls back to httpx) so this appears to be an implementation detail rather than malicious behavior.
Credentials
The skill requests no environment variables or external cloud credentials. It requires local credentials (username/password in config.json) which is proportionate to the ability to log into and operate an X account. No unrelated tokens or secrets are requested.
Persistence & Privilege
The skill does not force installation (always:false), does not modify other skills or system-wide configs, and keeps cookies/credentials in its own directory. It runs as a local server bound to 127.0.0.1 per SKILL.md/main.py.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install auto-tweet - 安装完成后,直接呼叫该 Skill 的名称或使用
/auto-tweet触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Twitter/X automation skill via twikit - tweet, search, like, retweet, manage timeline
元数据
常见问题
Auto Tweet Publish 是什么?
Post, search, like, retweet, bookmark, and manage a Twitter/X account via a local twikit-based API server on port 19816. Use when the user asks to tweet, sea... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 105 次。
如何安装 Auto Tweet Publish?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install auto-tweet」即可一键安装,无需额外配置。
Auto Tweet Publish 是免费的吗?
是的,Auto Tweet Publish 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Auto Tweet Publish 支持哪些平台?
Auto Tweet Publish 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。
谁开发了 Auto Tweet Publish?
由 chatgptnexus(@chatgptnexus)开发并维护,当前版本 v1.0.0。
推荐 Skills