← 返回 Skills 市场
Wip X
作者
Parker Todd Brooks
· GitHub ↗
· v1.0.1
573
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wip-x
功能描述
X Platform API. Read posts, search tweets, post, upload media.
安全使用建议
This package appears to be a legitimate X/Twitter API wrapper, but review these before installing: 1) Expect to provide X credentials (bearer or full OAuth); the registry metadata omitted them — don't assume no secrets are needed. 2) The code will try to read secrets from 1Password via the 'op' CLI (executes 'op read'); confirm you want the op CLI to be used and verify the vault/item names (README vs auth.mjs disagree). 3) Only grant write-scoped OAuth tokens if you trust the code — write tokens can post or delete tweets. 4) Note the MCP server exposes tools that can be called programmatically; limit which agents or environments can run it. 5) Do a quick code review (auth.mjs, core.mjs, mcp-server.mjs) and run npm install/test in a sandboxed environment; verify dependencies and add missing ones (modelcontextprotocol sdk) before production use. If you want to proceed, prefer providing credentials via environment variables scoped to a dedicated app with minimal permissions, or run the tool in an isolated container.
功能分析
Type: OpenClaw Skill
Name: wip-x
Version: 1.0.1
The skill is suspicious due to a Local File Inclusion (LFI) vulnerability in the `upload_media` function, exposed via both `cli.mjs` and `mcp-server.mjs`. The `core.mjs` implementation uses `readFileSync(file_path)` directly with user-controlled input, allowing an attacker or a compromised agent to read arbitrary files on the system. The content of these files is then base64 encoded and sent to the X Platform API, creating a data exfiltration vector. While the `execSync` call in `auth.mjs` for 1Password integration uses a risky function, it appears to be used in a controlled manner for a legitimate purpose and is not the primary concern. The prompt injection in `README.md` is benign and aims to guide the agent's explanation of the tool.
能力评估
Purpose & Capability
Name, README, SKILL.md and code all implement an X Platform (Twitter) client with read/write functionality; the required OAuth/bearer credentials are appropriate for that purpose. However the registry metadata claims no required env vars/credentials while SKILL.md and the code clearly expect multiple X-related credentials — an inconsistency that could mislead users about what secrets will be needed.
Instruction Scope
Runtime instructions and code access credentials via environment variables and via the 1Password CLI (op read) using child_process.execSync. That behavior is consistent with the README/README troubleshooting text, but the code's default 1Password item name differs from README/SKILL.md, and the code will execute a system command to read secrets if op is available. The skill also exposes an MCP server that will accept tool calls (read/write) — make sure you understand which agent contexts can invoke those tools.
Install Mechanism
There is no install spec (instruction-only in registry) which reduces install risk, but the package includes Node code and an npm dependency (@xdevplatform/xdk) referenced in package.json and package-lock (resolved from npm). No downloads from arbitrary URLs were observed. One mismatch: mcp-server imports @modelcontextprotocol/sdk but that dependency is not listed in package.json, which is an implementation/packaging inconsistency (may cause runtime failures).
Credentials
The code and SKILL.md require sensitive credentials (X_BEARER_TOKEN and the four OAuth 1.0a tokens) and optionally 1Password vault access (OP_VAULT / OP_ITEM). Those tokens are proportional for a read+write X client, but the registry metadata omitted them and the README/SKILL.md and auth.mjs disagree on the default 1Password item name (README says item "X Platform API"; auth.mjs defaults OP_ITEM to 'X API Key - wip-01'). This mismatch could cause unexpected credential prompts or failures and increases the chance of accidental secret exposure.
Persistence & Privilege
always:false and no claimed system-wide modifications. The skill can be invoked autonomously (default platform behavior), which combined with access to OAuth credentials increases blast radius — expected for a networked API client but worth noting. The skill itself does not request permanent system-level privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wip-x - 安装完成后,直接呼叫该 Skill 的名称或使用
/wip-x触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Release.
元数据
常见问题
Wip X 是什么?
X Platform API. Read posts, search tweets, post, upload media. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 573 次。
如何安装 Wip X?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wip-x」即可一键安装,无需额外配置。
Wip X 是免费的吗?
是的,Wip X 完全免费(开源免费),可自由下载、安装和使用。
Wip X 支持哪些平台?
Wip X 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Wip X?
由 Parker Todd Brooks(@parkertoddbrooks)开发并维护,当前版本 v1.0.1。
推荐 Skills