← 返回 Skills 市场
X
作者
Oliver Drobnik
· GitHub ↗
· v1.0.0
293
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install twitter-api-v2
功能描述
Access X (Twitter) via API v2: user profiles, timelines, threads, search, bookmarks, likes, and posting. Use when asked to: (1) get user info or profile, (2)...
安全使用建议
This skill appears to implement an X (Twitter) v2 CLI and is internally consistent with that purpose, but you should take these precautions before installing or running it:
- Verify the source: the registry metadata has no homepage and an unknown owner; review the full scripts/x.py locally to ensure there are no unexpected network endpoints or hidden behavior.
- Credentials: the tool asks you to place your bearer token and OAuth client credentials in ~/.openclaw/x/*.json. These are sensitive secrets stored in plaintext; only proceed if you trust the skill and the machine's security.
- OAuth flow: running auth opens your browser and starts a local HTTP server on 127.0.0.1:8080 to capture the callback. Ensure that port is acceptable to open and that the redirect URI exactly matches what you register in the developer portal.
- Billing: the documentation describes pay-per-usage billing; set spending limits in your X developer/billing console before large-scale use to avoid unexpected charges.
- Verify endpoints: the code uses api.x.com and twitter.com oauth endpoints in places; confirm endpoints are correct and expected for your developer account.
- Optional: run the script in a sandbox or inspect the code line-by-line before use. If you prefer not to store secrets on disk, consider managing tokens via a secure secrets manager and adapt the script accordingly.
功能分析
Type: OpenClaw Skill
Name: twitter-api-v2
Version: 1.0.0
The skill bundle provides a well-structured and safe implementation for interacting with the X (Twitter) API v2 using only the Python standard library. The main script (scripts/x.py) implements standard authentication flows, including Bearer tokens and OAuth 2.0 with PKCE, and correctly handles local credential storage in ~/.openclaw/x. There is no evidence of data exfiltration, malicious execution, or prompt injection attempts in SKILL.md or the supporting documentation (SETUP.md, references/pricing.md). The use of a temporary local HTTP server for OAuth callbacks is a standard and appropriate practice for CLI-based authentication.
能力评估
Purpose & Capability
The name/description (X/Twitter API v2 client) matches the included script and SKILL.md: it implements user lookup, timelines, search, bookmarks, likes, and posting. Requested runtime binary (python3) is appropriate. There are no unrelated credentials or binaries requested. Note: credentials are expected to be stored in ~/.openclaw/x/ (credentials.json, oauth2.json, tokens.json) rather than supplied via declared env vars.
Instruction Scope
SKILL.md instructs running the provided Python CLI and creating credential files under ~/.openclaw/x. The CLI performs local file I/O (read/write JSON credential/token files), network calls to X API endpoints, and runs a local HTTP server during OAuth auth to capture the callback on localhost:8080. These behaviors are consistent with implementing OAuth and API access, but they do involve reading/writing secrets and opening a local port for the auth flow.
Install Mechanism
There is no install spec — this is instruction+script only. Nothing is downloaded or extracted during install by the skill itself. The only runtime requirement is python3, which is declared and appropriate.
Credentials
The skill declares no required environment variables, which aligns with the provided instructions that store credentials in files under ~/.openclaw/x. This is proportionate to the stated functionality, but it means secrets (bearer token, client_id/secret, refresh/access tokens) are stored as plaintext JSON in the user's home directory. The skill will read/write these files and will need access to them.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It writes only to its own config path (~/.openclaw/x) and saves tokens there; it does run a transient local HTTP server on 127.0.0.1:8080 for OAuth, which is expected for the described auth flow. It does not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install twitter-api-v2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/twitter-api-v2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of X (Twitter) API v2 client.
- Provides CLI access to X (Twitter) user profiles, timelines, threads, search, bookmarks, likes, and posting via API v2.
- Supports both public data (bearer token) and user-specific actions (OAuth 2.0).
- All features use Python standard library with zero dependencies.
- Clean, readable text output for all commands.
- Rate limits, billing info, and usage tips documented.
- Advanced search operators and filtering supported (e.g., exclude retweets/replies).
元数据
常见问题
X 是什么?
Access X (Twitter) via API v2: user profiles, timelines, threads, search, bookmarks, likes, and posting. Use when asked to: (1) get user info or profile, (2)... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 293 次。
如何安装 X?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install twitter-api-v2」即可一键安装,无需额外配置。
X 是免费的吗?
是的,X 完全免费(开源免费),可自由下载、安装和使用。
X 支持哪些平台?
X 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 X?
由 Oliver Drobnik(@odrobnik)开发并维护,当前版本 v1.0.0。
推荐 Skills