Twitter Listen Comment

Set up the skill as a reusable local automation package.

Before installing or running this skill: (1) recognize that the skill needs a Twitter bearer token (TWITTER_TOKEN) even though the registry metadata omitted it — do not provide your primary/high-privilege token; prefer a limited-scope or throwaway account. (2) The skill sends tweet text to https://ai.6551.io and to the OpenClaw agent CLI to generate/post replies — confirm you trust that service and understand where your data may be routed. (3) The skill requires a logged-in Chrome session and the OpenClaw Chrome Relay to post comments — this allows the skill to drive your browser while logged in, so run it only on systems/accounts you control. (4) Inspect references/config.json to ensure notifyTarget/agentTarget are set correctly (to a safe chat or account) and consider running initially with --once and in a sandbox or container. (5) If you need higher assurance, ask the publisher to correct the registry metadata to declare required env vars and review the ai.6551.io privacy/trust posture.

Type: OpenClaw Skill Name: twitter-listen-comment Version: 0.1.2 The skill is classified as suspicious due to a significant indirect prompt injection vulnerability in `scripts/twitter_listen_comment.py`, where unsanitized tweet content is directly embedded into prompts sent to the OpenClaw agent. This could allow a malicious tweet to hijack the agent's browser session and perform unauthorized actions. Additionally, the skill requires a `TWITTER_TOKEN` to be sent to a third-party, non-official API endpoint (`https://ai.6551.io/open/twitter_search`), which introduces a risk of credential exposure. While these behaviors are functional for the stated purpose of Twitter automation, the lack of input sanitization and reliance on external third-party infrastructure pose meaningful security risks.