← 返回 Skills 市场
2398
总下载
0
收藏
12
当前安装
1
版本数
在 OpenClaw 中安装
/install mia-twitter-stealth
功能描述
Twitter/X automation with advanced stealth and anti-detection
安全使用建议
This skill is internally inconsistent: the documentation asks for powerful Twitter session tokens and Playwright/Chromium and describes persistent, stealthy behavior, but the registry lists no required credentials, binaries, or install steps and provides no code. Before using it, ask the author for: (1) a clear install mechanism or published CLI/binary, (2) explicit declaration of required env vars in the registry, (3) details on where session files are stored and how they are protected, and (4) source code or a reputable release so you can audit it. Be aware that supplying X_AUTH_TOKEN/X_CT0 gives broad control of an account and that stealth/anti-detection features may violate Twitter/X terms of service. If you cannot verify the origin and code, do not provide tokens or install/run actions this skill describes.
功能分析
Type: OpenClaw Skill
Name: mia-twitter-stealth
Version: 1.0.0
The skill is classified as suspicious due to its explicit requirement for highly sensitive credentials (`X_AUTH_TOKEN`, `X_CT0`) via environment variables, as detailed in `SKILL.md`. While these are plausibly needed for the stated purpose of Twitter automation, their handling represents a significant high-risk capability. Additionally, the skill advertises 'advanced stealth and anti-detection' features, which, while intended for evading Twitter's bot detection, contribute to an elevated risk profile without the ability to review the underlying code for safe handling of these capabilities and credentials. There is no direct evidence of prompt injection or intentional malicious behavior in the provided files.
能力评估
Purpose & Capability
The SKILL.md describes a CLI-style tool (mia-twitter) and requires X_AUTH_TOKEN/X_CT0 and Playwright with Chromium, but the registry metadata declares no required env vars, no binaries, no install. An instruction-only skill that expects a local 'mia-twitter' CLI and Playwright runtime without providing install details or declaring required credentials is inconsistent and unexplained.
Instruction Scope
Instructions explicitly instruct session persistence (cookies, localStorage, user-data-dir), human-behavior simulation, and use of auth tokens. Those actions require filesystem and credential access and could enable long-lived access to an account; yet nothing in the manifest declares or limits that access. The SKILL.md also contains patterns consistent with prompt-injection (unicode-control-chars).
Install Mechanism
There is no install spec and no code files — the skill is purely instructions that assume the existence of a 'mia-twitter' CLI and Playwright/Chromium. That mismatch (instructions expecting runtime artifacts that are not provided or declared) is a red flag: either required software will be installed externally (not documented) or the skill is incomplete/misleading.
Credentials
The SKILL.md requests X_AUTH_TOKEN and X_CT0, which are session/authorization tokens capable of full account control on Twitter/X. Requesting such powerful secrets is proportionate for direct API/browser automation, but the registry did not declare a primary credential nor list these env vars — creating an unexplained gap and risk of secret misuse or accidental exposure.
Persistence & Privilege
The skill's behavior relies on persistent session data (cookies, localStorage, user-data-dir) to remain stealthy across runs. Although the skill is not forced always-on, its instructions encourage writing persistent artifacts to disk which can increase long-term risk (account takeover, stealthy automation). The manifest does not explain where or how those files are managed or protected.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mia-twitter-stealth - 安装完成后,直接呼叫该 Skill 的名称或使用
/mia-twitter-stealth触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of mia-twitter-stealth, providing Twitter/X automation with advanced stealth and anti-detection features.
- Utilizes Playwright Stealth to mask automation fingerprints, including hiding navigator.webdriver and masking Chrome flags.
- Operates in headful mode by default to avoid headless detection.
- Simulates human behavior with random typing delays, mouse movements, natural scroll, and session persistence.
- Implements strict cooldown and rate limits: max 5 actions/hour, 50/day, and 2–5 minute delays for safer automation.
- Requires X_AUTH_TOKEN and X_CT0 environment variables, plus Playwright with Chromium.
元数据
常见问题
Mia Twitter Stealth 是什么?
Twitter/X automation with advanced stealth and anti-detection. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2398 次。
如何安装 Mia Twitter Stealth?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mia-twitter-stealth」即可一键安装,无需额外配置。
Mia Twitter Stealth 是免费的吗?
是的,Mia Twitter Stealth 完全免费(开源免费),可自由下载、安装和使用。
Mia Twitter Stealth 支持哪些平台?
Mia Twitter Stealth 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Mia Twitter Stealth?
由 ArubikU(@arubiku)开发并维护,当前版本 v1.0.0。
推荐 Skills