Twitter Search

Advanced Twitter search and social media data analysis. Fetches tweets by keywords using Twitter API, processes up to 1000 results, and generates professional data analysis reports with insights and actionable recommendations. Use when user requests Twitter/X social media search, social media trend analysis, tweet data mining, social listening, influencer identification, topic sentiment analysis from tweets, or any task involving gathering and analyzing Twitter data for insights.

This skill appears to implement the described Twitter search and analysis functionality, but take these precautions before using it: 1) Metadata omission: the registry did not declare the required TWITTER_API_KEY — assume you must provide it. 2) Inspect the code yourself (scripts/run_search.sh and scripts/twitter_search.py) before running. 3) Do NOT let the wrapper script eval arbitrary content from your ~/.bashrc or ~/.zshrc: either set TWITTER_API_KEY in your current shell manually or pass the key as --api-key to the wrapper or as the first argument to the Python script. 4) Consider running the scripts in an isolated environment (container or VM) because the wrapper will run pip install if requests is missing. 5) Verify the external API host (twitterapi.io) and its trustworthiness and privacy policy. 6) Prefer passing the key on the command line or exporting it in a controlled, vetted profile file rather than allowing the script to parse and eval your shell rc files. If you need to install this skill for production use, ask the publisher to: (a) declare TWITTER_API_KEY in metadata, (b) remove eval and parse the key safely, (c) avoid implicit pip installs or document them clearly, and (d) document data retention and where query results are transmitted or stored.

Type: OpenClaw Skill Name: twitter-search-skill Version: 0.1.2 The skill is classified as suspicious primarily due to the use of `eval` in `scripts/run_search.sh`. This command is used to load the `TWITTER_API_KEY` from `~/.bashrc` or `~/.zshrc` by executing the output of a `grep` command. While the `grep` attempts to narrow the scope to a specific `export` line, `eval` is inherently a high-risk command that could be exploited if the user's shell configuration file were already compromised, potentially leading to arbitrary code execution. The skill also makes external network calls to `https://api.twitterapi.io` for its core functionality, which is expected for a Twitter search skill but involves transmitting an API key to a third-party service. No clear evidence of intentional malicious behavior (e.g., data exfiltration to unauthorized endpoints, persistence, or prompt injection) was found, but the `eval` usage represents a significant security risk.