← 返回 Skills 市场
Twitter Query
作者
alexander10011
· GitHub ↗
· v1.0.0
· MIT-0
268
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install twitter-query
功能描述
Query X/Twitter via twitterapi.io read-only APIs by account (user timeline) or by keyword (advanced search). Outputs structured JSON; no LLM, no trend scorin...
安全使用建议
This skill appears to do what it claims (fetch tweets via twitterapi.io) and the Python scripts are readable and use only stdlib. Before installing or running it:
- Treat TWITTER_API_KEY as a secret. Only provide your real key if you trust the skill and its source; consider using a throwaway/test key first.
- Verify the platform metadata: the skill's SKILL.md and scripts require TWITTER_API_KEY, but the registry metadata does not declare it — ask the publisher to update the manifest to list required env vars.
- Do not change TWITTER_API_BASE to an unknown host. If you must override it (for testing), run in an isolated environment and monitor network traffic to ensure your API key isn't sent to an unexpected endpoint.
- If you have security concerns, inspect the two scripts yourself or run them locally with your network blocked (or a proxy you control) to observe behavior. Ask the publisher to restrict or validate TWITTER_API_BASE in-code if you need stronger guarantees.
Because of the metadata inconsistency and the overridable base URL, I rate this as suspicious rather than benign; these are fixable but should be clarified before broad use.
功能分析
Type: OpenClaw Skill
Name: twitter-query
Version: 1.0.0
The skill is a legitimate tool for querying Twitter/X data via the twitterapi.io third-party service. The Python scripts (scripts/query_by_user.py and scripts/query_by_keyword.py) use standard libraries to perform read-only API calls, properly handling authentication via the TWITTER_API_KEY environment variable and sanitizing inputs through URL encoding. No indicators of data exfiltration, unauthorized execution, or malicious prompt injection were found in the code or documentation.
能力评估
Purpose & Capability
The scripts implement exactly what the name/description promise: read-only queries to twitterapi.io (user timeline and advanced search) and JSON output. However the registry metadata lists no required environment variables while SKILL.md and the scripts clearly require TWITTER_API_KEY (and optionally TWITTER_API_BASE). This metadata mismatch is inconsistent and may lead to missing user prompts or disclosure in install flows.
Instruction Scope
SKILL.md instructs the agent/user to set TWITTER_API_KEY and run the two Python scripts; the scripts only perform HTTP GETs to the configured base and print JSON to stdout. They do not access other system files, other credentials, or external telemetry endpoints. One noteworthy instruction-level detail: TWITTER_API_BASE is overrideable; if a user or agent sets that to a malicious URL the skill will send the API key there (the scripts do not restrict allowed hosts).
Install Mechanism
There is no automated install spec — this is effectively an instruction-and-scripts package. The code uses only Python stdlib and will run locally; nothing is downloaded from arbitrary third-party URLs. This is low install-surface risk.
Credentials
Functionally the skill only needs one secret (TWITTER_API_KEY), which is proportionate. But the package/registry metadata does not declare this required env var or a primary credential (the SKILL.md and scripts do). That mismatch is concerning because platforms may not surface the requirement to users. Additionally, allowing TWITTER_API_BASE to be set by env var means the key could be sent to a non-twitterapi.io host if misconfigured.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It does not modify other skills or system-wide settings. Autonomous invocation is allowed (default) but is not combined with other alarming privileges here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install twitter-query - 安装完成后,直接呼叫该 Skill 的名称或使用
/twitter-query触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: X/Twitter read-only queries by user timeline (last_tweets) and keyword (advanced_search) via twitterapi.io. Requires TWITTER_API_KEY. No bundled LLM.
元数据
常见问题
Twitter Query 是什么?
Query X/Twitter via twitterapi.io read-only APIs by account (user timeline) or by keyword (advanced search). Outputs structured JSON; no LLM, no trend scorin... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 268 次。
如何安装 Twitter Query?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install twitter-query」即可一键安装,无需额外配置。
Twitter Query 是免费的吗?
是的,Twitter Query 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Twitter Query 支持哪些平台?
Twitter Query 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Twitter Query?
由 alexander10011(@alexander10011)开发并维护,当前版本 v1.0.0。
推荐 Skills