← 返回 Skills 市场
Twitter Operations
作者
millymilton
· GitHub ↗
· v1.0.0
3422
总下载
0
收藏
15
当前安装
1
版本数
在 OpenClaw 中安装
/install twitter-operations
功能描述
Automate and manage Twitter/X accounts by posting, scheduling, replying, analyzing, tracking trends, managing followers, and handling media and analytics.
安全使用建议
This skill's manifest looks functionally plausible for Twitter/X automation, but there are important gaps and mismatches you should resolve before installing: 1) Ask the author to provide a clear description and to update registry metadata to declare the required credentials (OAuth keys/tokens) and config paths explicitly. 2) Verify where credentials are stored and whether they are encrypted; prefer environment variables or a secure secrets store over plaintext files in your home directory. 3) Confirm how webhooks are used and whether any monitored content could be forwarded externally; never supply a webhook you do not control. 4) Request an install spec or vetted package instructions for the listed Python dependencies so you can review and control what is installed. 5) Be cautious with features that scrape data or perform bulk follow/unfollow/block operations — they can violate platform policies and enable abusive behavior. If you cannot verify the author or get these clarifications, test the skill in an isolated account and environment or do not install.
功能分析
Type: OpenClaw Skill
Name: twitter-operations
Version: 1.0.0
The skill is classified as suspicious due to several high-risk capabilities, even though no explicit malicious intent is demonstrated in the provided files. Key indicators include the ability to 'scrape tweets and user profiles' and 'archive tweets and user data' (implying extensive data collection), the `python-dotenv` dependency (allowing access to environment variables), and the use of 'alert-webhook' in examples (demonstrating outbound network connections to arbitrary URLs, a potential exfiltration vector). Additionally, 'bulk operations' and local file writing for analytics (`~/twitter_stats.csv`) present further risks if misused.
能力评估
Purpose & Capability
The skill manifest clearly targets Twitter/X automation (posting, streaming, OAuth auth, scraping, bulk follow/unfollow, archiving, multi-account management). However the registry metadata declares no required environment variables, no primary credential, and no config paths — yet the SKILL.md references OAuth auth, a credentials_file, cache/log/archive directories, and many API endpoints. That mismatch between declared requirements and the manifest is incoherent.
Instruction Scope
SKILL.md includes instructions and examples that imply writing persistent credential files (~/.openclaw/twitter_credentials.json), archiving and caching user data, scraping tweets and profiles, performing bulk operations, and sending alerts to external webhooks (example: https://hooks.example.com). Those behaviors involve reading/writing persistent storage and transmitting potentially large amounts of user data to third parties — scope that isn't described in the top-level metadata and could enable data exfiltration or abusive automation if misused.
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself. However the SKILL.md lists numerous Python dependencies (tweepy, requests-oauthlib, python-dotenv, pandas, beautifulsoup4, etc.) but provides no automated install instructions. That inconsistency can lead to runtime failures or ad-hoc installation of packages by the integrator; it is not direct code-execution risk from the registry, but it's an implementation gap that should be clarified.
Credentials
Although manifest metadata lists no required env vars or primary credential, the instructions explicitly expect OAuth credentials, reference storing credentials on disk, and suggest using environment variables or encrypted files. The skill also supports sending events to external webhooks — a channel that could carry sensitive data. Requesting no declared credentials while requiring them at runtime is disproportionate and a practical mismatch that raises security questions.
Persistence & Privilege
The skill will persist files under ~/.openclaw (credentials, cache, logs, archives) according to SKILL.md. It does not request always:true, nor system-wide config changes, but it does expect to create and read persistent files in the user's home directory. This is expected for an automation tool but should be explicit in declared config paths and documented encryption/permissions behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install twitter-operations - 安装完成后,直接呼叫该 Skill 的名称或使用
/twitter-operations触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release with comprehensive Twitter automation.
元数据
常见问题
Twitter Operations 是什么?
Automate and manage Twitter/X accounts by posting, scheduling, replying, analyzing, tracking trends, managing followers, and handling media and analytics. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 3422 次。
如何安装 Twitter Operations?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install twitter-operations」即可一键安装,无需额外配置。
Twitter Operations 是免费的吗?
是的,Twitter Operations 完全免费(开源免费),可自由下载、安装和使用。
Twitter Operations 支持哪些平台?
Twitter Operations 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Twitter Operations?
由 millymilton(@millymilton)开发并维护,当前版本 v1.0.0。
推荐 Skills