bosshuman

OpenClaw X

Author: bosshuman · GitHub ↗ · v0.2.2
cross-platform ⚠ suspicious
Total downloads: 583
Favorites: 2
Current installs: 0
Versions: 4
Install in OpenClaw
/install openclaw-x
Description
Control your X/Twitter account — view timeline, search tweets, post, like, retweet, bookmark.
Security recommendations
This skill asks you to download and run an unsigned third-party executable and to export your X/Twitter session cookies—doing so hands that binary the ability to act as your account. Before installing: (1) prefer official OAuth/API-key based integrations over exporting cookies; (2) if you must use this, review the executable’s source code or use builds from a verified maintainer and verify checksums/signatures; (3) run the binary in an isolated environment (VM/container) and not on your primary machine; (4) treat cookies.json like a password—store it securely and delete/revoke the session after use; (5) consider alternatives or ask the author for a signed release and clear privacy/security documentation. The static scanner had no files to analyze (instruction-only), so the highest-risk surface here is the external binary and the exported browser cookies.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-x
Version: 0.2.2
The skill bundle is suspicious because it requires the user to download and execute an external, unvetted binary from GitHub (`https://github.com/bosshuman/openclaw-x/releases`). Crucially, it then instructs the user to export their sensitive X/Twitter authentication cookies (`cookies.json`) and provide them to this external executable. This introduces a significant supply chain risk, as the security of the user's X account depends entirely on the trustworthiness of an opaque, external binary whose code is not part of this review. While the `SKILL.md` itself does not contain malicious code or prompt injection attempts, the described setup creates a critical vulnerability for data exfiltration or unauthorized account access if the external binary is compromised or malicious.
Capability assessment
Purpose & Capability
Name/description match the instructions: the skill uses a local service that drives X using browser session cookies. Asking for a local helper that uses cookies to control an account is coherent with the stated purpose.
Instruction Scope
The runtime instructions tell the user to export X cookies from Chrome into cookies.json and run a third‑party executable that listens on localhost. That requires handing full session credentials to a binary and does not include guidance for protecting or verifying those credentials. The SKILL.md also instructs running an arbitrary local service without integrity checks.
Install Mechanism
No formal install spec is provided, but the guide instructs downloading an executable from a GitHub Releases page and running it. There are no checksums, signatures, or instructions to verify the binary or inspect its source—this is a high-risk operation (running an opaque binary with account cookies).
Credentials
No env vars or config paths are declared, which is consistent with an approach that uses browser cookies. However, the requirement to export cookies.json is effectively requesting highly sensitive session credentials (equivalent to full access tokens). This is proportionate to the task technically, but the SKILL.md does not provide any safeguards or alternative (OAuth/API-key) options.
Persistence & Privilege
The skill does not request always: true or system-wide config changes; it is user-invocable and does not declare persistent privileges over other skills or agent settings.
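How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-x
  3. Once installation completes, call the Skill by name or trigger it with /openclaw-x
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history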
v0.2.2
Switch skill description to English
v0.2.1
- Added instructions for downloading platform-specific executables from GitHub Releases.
- Updated setup steps: now requires exporting X cookies from Chrome and saving as `cookies.json` in the executable's directory.
- Removed instructions referring to `python main.py`; users now start the service with the provided executable.
- Documentation (README and SKILL.md) revised and clarified setup process for improved usability.
v0.2.0
- Added multilingual documentation: English, Japanese, and Korean versions of README and SKILL files.
- Updated setup instructions for starting the openclaw-x service (now includes Python entrypoint).
- Removed version field from SKILL.md.
- General documentation improvements and reorganization.
v0.1.1
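Fix cookie login, timeline loading crash, and incorrect user info display
Metadata
Slug openclaw-x
Version 0.2.2
License
Total installs 0
Current installs 0
Number of versions 4
FAQ

What is OpenClaw X?

Control your X/Twitter account — view timeline, search tweets, post, like, retweet, bookmark. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 583 total downloads to date.

How do I install OpenClaw X?

Run the command "/install openclaw-x" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is OpenClaw X free?

Yes, OpenClaw X is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does OpenClaw X support?

OpenClaw X is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed OpenClaw X?

It is developed and maintained by bosshuman (@bosshuman); the current version is v0.2.2.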
