← 返回 Skills 市场
115
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install post-tweets
功能描述
Use when the user needs to interact with X (Twitter) — searching tweets, looking up users/followers, posting tweets/replies, liking, retweeting, following/un...
安全使用建议
This integration appears coherent, but exercise usual caution before granting the API key: use a scoped, revocable API key (not a long-lived primary account key), enable rotation, and monitor usage/billing. Pay attention to extraction and write costs (bulk extractions and write actions are metered) and always confirm any payment/charge flows. If you plan to receive webhooks, store the per-webhook secret securely (environment variable or secrets store). Because the skill is instruction-only and the source is 'unknown', verify the Xquik service/website (docs.xquik.com) independently and consider testing with a low-privilege test key before connecting production accounts or sensitive data (DMs, bookmarks, notifications) — those endpoints require explicit confirmation per the skill's instructions.
功能分析
Type: OpenClaw Skill
Name: post-tweets
Version: 1.0.1
The skill bundle is a comprehensive integration for the Xquik API, providing 111 endpoints for interacting with X (Twitter), including searching, posting, bulk extraction, and giveaway draws. While it handles sensitive capabilities like DM access and financial transactions, it includes extensive security documentation and explicit instructions for the AI agent to require user confirmation for all write actions and billing operations. The bundle also features robust 'Indirect Prompt Injection' defenses to prevent untrusted X content from hijacking the agent's behavior (SKILL.md). No evidence of malicious intent, obfuscation, or unauthorized data exfiltration was found.
能力标签
能力评估
Purpose & Capability
Name/description claim X (Twitter) integration and the skill only requires an XQUIK_API_KEY (and an optional per-webhook secret). The declared endpoints, billing, MCP guidance, and webhook handling all align with a service that proxies X functionality. There are no unexpected environment variables, binaries, or config paths required.
Instruction Scope
SKILL.md and reference files instruct the agent to call the Xquik REST/MCP endpoints, prefer fetching live docs, and require user confirmation for write/billing/private-data operations. The instructions explicitly forbid collecting X account passwords/TOTP and forbid executing untrusted content from X. They reference webhook handling (which legitimately needs a per-webhook secret) and extraction/billing flows that require explicit user approval.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). That minimizes disk/write risk. Some references mention using tools like `mcp-remote` or ngrok for local testing, but those are optional user-side setup steps, not automatic installs by the skill.
Credentials
The single required credential is XQUIK_API_KEY (primaryEnv). An optional XQUIK_WEBHOOK_SECRET is described for webhook verification; both are proportionate to the documented functionality. There are no unrelated secrets (AWS, GitHub, etc.) requested.
Persistence & Privilege
always: false and the skill does not request persistent/system-level privileges. disable-model-invocation is false (agent may call the skill autonomously), which is the platform default and not by itself concerning. The skill does not claim to modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install post-tweets - 安装完成后,直接呼叫该 Skill 的名称或使用
/post-tweets触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Updated Xquik API version from 2.2.1 to 2.4.2.
- Reduced number of available REST API endpoints from 122 to 111.
- API category count changed from 12 to 10.
- Added new security metadata for credential proxying and sensitive data handling (DMs, bookmarks, notifications, timeline now explicitly require user confirmation).
- Expanded documentation links and framework integration guides in the quick reference section.
v1.0.0
Initial release of the x-twitter-scraper skill (version 2.2.1):
- Provides interaction with X (Twitter): search, user lookup, posting, liking, retweeting, following, DMs, media download, real-time monitoring, and bulk data extraction.
- Supports 122 REST API endpoints and 2 MCP tools via Xquik API.
- Extensive security controls: isolated untrusted X content, strict input/output validation, enforced write/payment confirmation, and no autonomous billing.
- Requires XQUIK_API_KEY (and optionally XQUIK_WEBHOOK_SECRET for webhooks).
- Detailed API usage, rate limits, billing, and endpoint selection guidance included.
元数据
常见问题
Post Tweets 是什么?
Use when the user needs to interact with X (Twitter) — searching tweets, looking up users/followers, posting tweets/replies, liking, retweeting, following/un... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 115 次。
如何安装 Post Tweets?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install post-tweets」即可一键安装,无需额外配置。
Post Tweets 是免费的吗?
是的,Post Tweets 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Post Tweets 支持哪些平台?
Post Tweets 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Post Tweets?
由 Xquik(@xquik)开发并维护,当前版本 v1.0.1。
推荐 Skills