← 返回 Skills 市场

X (Twitter) Data Scraper

Name: X (Twitter) Data Scraper
Author: lamtest556-blip

作者 lamtest556-blip · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install claude-code-x-scraper

功能描述

X (Twitter) data extraction and analysis. Use when user asks to "get tweets from @username", "search X for", "analyze Twitter data", "fetch tweets about [top...

使用说明 (SKILL.md)

X (Twitter) Data Scraper

Extract and analyze X/Twitter data programmatically.

When to Use

Fetch tweets from a specific user
Search X for keywords/topics
Analyze Twitter data and sentiment
Monitor social media trends

Quick Start

# Get user tweets
python3 scripts/get_user_tweets.py elonmusk 20

# Search for topic
python3 scripts/search_tweets.py "machine learning" 30

Setup

Credentials: Create ~/.openclaw/credentials/x_api_tokens.env:

X_BEARER_TOKEN=Bearer YOUR_TOKEN_HERE

Get token: https://developer.twitter.com/en/portal/dashboard

Scripts

Script	Purpose
`get_user_tweets.py`	Fetch user timeline
`search_tweets.py`	Search by keyword
`fetch_x_playwright.py`	Browser-based scraping
`x_api_client.py`	API client module

Advanced Search

# Exclude replies/retweets
python3 scripts/get_user_tweets.py elonmusk 20 --no-replies --no-retweets

# Complex search
python3 scripts/search_tweets.py "(AI OR ML) from:elonmusk lang:en" 20

Troubleshooting

401 Unauthorized: Check Bearer token format
403 Forbidden: Search API needs Elevated access
429 Rate Limited: Wait 15 minutes

License

MIT

安全使用建议

What to consider before installing/running: - The skill's metadata claims no credentials, but its README/SKILL.md and code require an X API bearer token (X_BEARER_TOKEN) and the Playwright scraper expects a cookies file. This mismatch is a red flag: the registry info should list required secrets. Treat the package as requiring secrets even if metadata omits them. - The Playwright scraper loads cookies from a hardcoded root path (/root/cookies_fixed.json) and CAPABILITY.md references /root paths and a login credentials file. Running these scripts with real cookies or account credentials can expose those secrets; do not point them at your primary account credentials. Prefer using a throwaway/test account or only use API tokens with limited scope. - The code accepts HTTPS_PROXY / https proxy environment variables. If you set a proxy, traffic (including bearer tokens) could be routed through that proxy—ensure it is trusted. - There are several documentation mismatches (missing script names, differing credential filenames). This indicates sloppy packaging; ask the publisher for clarification or a corrected manifest before trusting the skill with sensitive credentials. - If you still want to use it: inspect and run the code in an isolated environment (sandbox, VM, or container), avoid providing your primary X/Twitter credentials, and prefer using only the API bearer token stored in a limited-permission place. Remove or change hardcoded paths (/root/...) to a safe location you control. What would reduce concern: a corrected registry manifest that explicitly lists required env vars (X_BEARER_TOKEN), a clear explanation of cookie usage and the exact cookie file path, removal of hardcoded /root paths (or explicit documentation explaining why they are used), and an owning homepage/author identity you can verify.

功能分析

Type: OpenClaw Skill Name: claude-code-x-scraper Version: 1.0.1 The skill bundle provides a functional X (Twitter) data extraction tool using both the official X API and Playwright-based browser automation. It handles authentication via standard environment variables and local credential files (~/.openclaw/credentials/). While there are minor documentation inconsistencies (e.g., referencing scripts/fetch_user_tweets.py instead of scripts/get_user_tweets.py) and hardcoded environment-specific paths like /root/cookies_fixed.json, these appear to be unintentional bugs or configuration defaults rather than malicious intent. No evidence of data exfiltration, unauthorized execution, or prompt injection was found.

能力评估

ℹ Purpose & Capability

The skill's name/description match the included code (API client, search, user timeline, and a Playwright scraper). However registry metadata claims no required env vars or credentials while README/SKILL.md/CODE expect an X_BEARER_TOKEN or credential files; CAPABILITY.md also references username/password and cookie files. These undocumented credentials in metadata are an incoherence.

⚠ Instruction Scope

Runtime instructions and code instruct creating/reading credential files (~/.openclaw/credentials/x_api_tokens.env) and the Playwright script loads cookies from a hardcoded path (/root/cookies_fixed.json). CAPABILITY.md also references /root/.openclaw/credentials/x_login_credentials.env and COOKIES_FILE=/root/cookies.json. The skill therefore reads local secret files and a cookies file; these operations go beyond simple 'call the API' and could expose sensitive tokens/cookies if misused. There are also mismatches in referenced script names (CAPABILITY.md refers to fetch_user_tweets.py which is absent).

✓ Install Mechanism

This is an instruction-only skill with no install spec (no downloaded archives or package installs). Included code files run as-is; there is no installer that pulls remote binaries. That lowers install-time risk, but executing the scripts will run network and file I/O.

⚠ Credentials

Although registry metadata lists no required env vars, the code and docs expect X_BEARER_TOKEN (and optionally cookie/login credentials). CAPABILITY.md suggests username/password and a cookies file. Asking for bearer tokens or cookies is reasonable for a Twitter scraper, but the skill's metadata failing to declare them is incoherent. The code also respects HTTPS_PROXY which could be misconfigured to route traffic through an attacker-controlled proxy if an operator sets it. The hardcoded /root cookie path suggests privileged file access assumptions.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills or agent-wide settings. It simply contains scripts that run when invoked. No elevated platform privileges are declared.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install claude-code-x-scraper
安装完成后，直接呼叫该 Skill 的名称或使用 /claude-code-x-scraper 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

Added README.md and test suite

v1.0.0

Initial release: X (Twitter) data extraction and analysis toolkit. - Fetch tweets from user timelines or by keyword/topic. - Analyze Twitter data, perform sentiment analysis, and monitor trends. - Supports script-based workflows with quick start examples. - Includes API and browser-based scraping options. - Detailed setup instructions and troubleshooting tips provided.

元数据

Slug claude-code-x-scraper

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题