← 返回 Skills 市场
dorukardahan

twitterapi-io

作者 dorukardahan · GitHub ↗ · v3.8.5 · MIT-0
cross-platform ⚠ suspicious
1147
总下载
1
收藏
0
当前安装
20
版本数
在 OpenClaw 中安装
/install twitterapi-io
功能描述
Interact with Twitter/X via TwitterAPI.io — search tweets, get user info, post tweets, like, retweet, follow, send DMs, and more. Covers all 67 active endpoi...
安全使用建议
This skill appears to implement what it claims (TwitterAPI.io endpoints) but the package metadata fails to declare the sensitive inputs it actually needs. Before installing: 1) confirm the registry/provider will require you to supply TWITTERAPI_IO_KEY (X-API-Key) and that this will be stored/used securely; 2) understand that write operations need login_cookies (session cookie from login) and a residential proxy (credentials), both of which are highly sensitive — do not paste them into public chats or unsecured logs; 3) be cautious calling endpoints that send login_cookies in GET query params (they can end up in logs/urls); 4) verify the skill author/source and prefer official Twitter/X APIs if you need long-running write access; and 5) ask the publisher to update the skill metadata to list required env vars/primary credential and to document how secrets are expected to be provided so you can make an informed decision.
功能分析
Type: OpenClaw Skill Name: twitterapi-io Version: 3.8.5 The skill bundle provides a comprehensive and well-documented interface for the TwitterAPI.io service, covering 67 endpoints for reading and writing Twitter data. While the skill handles highly sensitive information, including Twitter passwords, 2FA secrets, and session cookies, this behavior is strictly aligned with its stated purpose of facilitating account-based actions via an unofficial API. The documentation (SKILL.md and read-endpoints.md) proactively identifies and warns about security risks, such as the transmission of session cookies in GET parameters for DM history and a known backend bug in profile updates, which suggests transparency rather than malicious intent. No evidence of data exfiltration to unauthorized domains, malicious code execution, or prompt injection was found.
能力标签
cryptocan-make-purchasesrequires-sensitive-credentialsposts-externally
能力评估
Purpose & Capability
The skill's name/description (TwitterAPI.io integration) matches the SKILL.md content, but the registry metadata declares no required environment variables or primary credential while the SKILL.md repeatedly requires an X-API-Key ($TWITTERAPI_IO_KEY) and, for write actions, 'login_cookies' plus residential proxy credentials. That omission is an incoherence: a Twitter API skill should declare the API key and note additional sensitive inputs.
Instruction Scope
SKILL.md provides detailed curl examples and explicit instructions for read/write/login flows and warns about sending login_cookies in GET query params. It does not instruct the agent to read arbitrary host files, but it tells users to store the API key in a .env and to supply login_cookies and proxy credentials (sensitive). The guidance to avoid plain shell export is helpful, but the document exposes workflows that could leak secrets (login_cookies in URLs) and relies on the user to handle secrets correctly.
Install Mechanism
Instruction-only skill with no install spec and no code files — low risk from installation artifact perspective (nothing is downloaded or executed on disk).
Credentials
The skill requires at minimum TWITTERAPI_IO_KEY (X-API-Key) and—if performing writes—login_cookies and residential proxy credentials (including user:pass). None of these are declared in the registry metadata or listed as a primary credential. Requiring login cookies and proxy credentials is expected for this provider but is sensitive; the registry should declare these env/config requirements and the primary credential.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and has no install-time actions that modify other skills or system settings. Autonomous invocation is allowed (platform default) but nothing else elevates privilege.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install twitterapi-io
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /twitterapi-io 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.8.5
Remove duplicated monitored-users read reference
v3.8.4
Sync live OpenAPI write params
v3.8.3
Fix stale write header and sync version metadata
v3.8.1
Synced with latest GitHub: 67 endpoints, updated docs, error handling section
v3.8.0
Add 9 active OpenAPI endpoints and sync counts to 67
v3.7.2
Remove outdated 'not in OpenAPI' notes from tweet_timeline and tweets_timeline, correct total OpenAPI path count from 70 to 72
v3.7.1
Fix 8 documentation issues: endpoint counts, missing curl examples, param required flags, V1 auth notes, credential exposure warning
v3.7.0
Removed offline V3 endpoints (confirmed by provider). 58 active endpoints.
v3.6.0
Add 7 V3 endpoints (65 total): user_login_v3, send_tweet_v3, like_tweet_v3, retweet_v3, update_profile_v3, delete_my_x_account_v3, get_my_x_account_detail_v3
v3.5.4
fix 9 param mismatches from 3-auditor trust audit, revert fabricated fix
v3.5.3
fix: correct 6 param mismatches vs OpenAPI spec (quotes, user/search, send_dm, create/delete community, remove_user_monitor)
v3.5.2
fix avatar/banner to multipart upload, document update_profile_v2 backend bug
v3.5.1
fix: correct community endpoint param names (communityId → community_id), add missing query/queryType params to get_tweets_from_all_community
v3.5.0
Add 4 new endpoints: list/tweets, dm history, list add/remove member. Total 58 endpoints.
v3.4.2
fix: add includeReplies and includeParentTweet params to get_user_timeline
v3.4.1
fix: correct endpoint parameters (mentions, last_tweets, followers, followings) from live API docs audit
v3.4.0
Sync with MCP v1.1.6: add list_timeline + get_user_timeline, remove 7 deprecated V1 endpoints, 54 total endpoints
v3.2.0
Sync with docs.twitterapi.io: 59 endpoints confirmed, scraper fixes for method extraction
v3.1.0
v3.1: 59 endpoints, restructured references
v1.0.0
Initial publish
元数据
Slug twitterapi-io
版本 3.8.5
许可证 MIT-0
累计安装 1
当前安装数 0
历史版本数 20
常见问题

twitterapi-io 是什么?

Interact with Twitter/X via TwitterAPI.io — search tweets, get user info, post tweets, like, retweet, follow, send DMs, and more. Covers all 67 active endpoi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1147 次。

如何安装 twitterapi-io?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install twitterapi-io」即可一键安装,无需额外配置。

twitterapi-io 是免费的吗?

是的,twitterapi-io 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

twitterapi-io 支持哪些平台?

twitterapi-io 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 twitterapi-io?

由 dorukardahan(@dorukardahan)开发并维护,当前版本 v3.8.5。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论