Wip Xai X Private
Author: Parker Todd Brooks · GitHub · v1.0.4 · MIT-0
Total downloads: 257
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install wip-xai-x
Description
X Platform API. Read posts, search tweets, get bookmarks, post tweets, upload media.
Security usage recommendations
This repo mostly does what it says (X API wrapper) but pay attention to three things before installing:
1) Metadata mismatch: the registry claims no required env vars but the skill expects X_BEARER_TOKEN and/or the full OAuth 1.0a tokens (and optional X_OP_VAULT/X_OP_ITEM). Ask the publisher to declare these explicitly.
2) auth.mjs runs the 1Password CLI via execSync to read secrets: that will execute a shell command in your environment to access vault items; if you prefer, provide credentials via environment variables instead and ensure the 'op' CLI isn't available or pointed at unrelated vaults.
3) upload_media reads local files by path (readFileSync) and will upload their contents to X. Do not allow the skill to run in contexts where it can access sensitive files, and be cautious about allowing autonomous agent invocation of the MCP tools (an agent could call upload_media to exfiltrate files).
Recommended actions: review/verify the code yourself, ensure registry metadata is corrected, run the skill in a least-privileged environment, and avoid granting it access to secrets or sensitive filesystem paths unless you trust the author and have validated the code.
Functional analysis
Type: OpenClaw Skill
Name: wip-xai-x
Version: 1.0.4
The skill bundle provides a legitimate interface for the X (Twitter) API but contains a shell injection vulnerability in auth.mjs. The opRead function uses execSync to call the 1Password CLI with unsanitized input from environment variables (X_OP_VAULT and X_OP_ITEM), which could allow arbitrary command execution if those variables are maliciously crafted. While the intent appears to be credential management, the implementation is insecure.
Capability assessment
Purpose & Capability
The code and SKILL.md implement an X Platform API wrapper (read + write, search, bookmarks, media upload) which aligns with the name/description. However the registry metadata claims no required environment variables while SKILL.md and the code clearly expect X_BEARER_TOKEN / X_API_KEY / X_API_SECRET / X_ACCESS_TOKEN / X_ACCESS_TOKEN_SECRET (and optional X_OP_VAULT/X_OP_ITEM). That metadata mismatch is incoherent and should be corrected.
Instruction Scope
SKILL.md and auth.mjs instruct the agent to resolve credentials via environment variables or by invoking the 1Password CLI. The code uses child_process.execSync('op read ...') to pull fields from 1Password and uses readFileSync(file_path) to load files for upload. Reading secrets from 1Password and reading arbitrary local file paths (then uploading them to X) are within the stated feature set, but they are sensitive actions and expand the runtime scope beyond simple API calls.
Install Mechanism
This is instruction- and code-based (no download install spec). Package.json lists normal npm dependencies (@xdevplatform/xdk, @modelcontextprotocol/sdk). There is no remote archive download or obscure install URL. Risk from install mechanism itself is low.
Credentials
The credentials requested (bearer token and full OAuth 1.0a tokens) are appropriate for a Twitter/X wrapper. However the registry metadata does not declare these required env vars while SKILL.md and auth.mjs do, and auth.mjs also reads X_OP_VAULT/X_OP_ITEM (1Password configuration) not declared in metadata. The code also runs the 'op' CLI which will read secrets from the user's 1Password; lack of explicit declaration in the registry is a red flag for transparency.
Persistence & Privilege
The skill is not marked always:true and does not change other skills' configs. It exposes an MCP stdio server which registers tools the agent can call; combined with the ability to upload arbitrary local files, that creates an elevated exfiltration risk if the agent is allowed to invoke the skill autonomously. Autonomous invocation alone is normal but should be considered in light of the file-read + external upload capability.
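How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install wip-xai-x
- Once installation completes, call the Skill by name or use /wip-xai-x to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output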
Version history
v1.0.4
# wip-xai-x v1.0.4
Two fixes for MCP server startup:
1. v1.0.3: Added @modelcontextprotocol/sdk to dependencies (was imported but not declared). Closes wipcomputer/wip-xai-x#3
2. v1.0.4: Fixed schema imports (ListToolsRequestSchema/CallToolRequestSchema instead of method literals). Closes wipcomputer/wip-xai-x#4
## Issues closed
- Closes #4
v1.0.3
# wip-xai-x v1.0.3
Fix: add @modelcontextprotocol/sdk to dependencies. MCP server was failing with ERR_MODULE_NOT_FOUND when deployed via ldm install.
## Issues closed
- Closes #3
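FAQ
What is Wip Xai X Private?
X Platform API. Read posts, search tweets, get bookmarks, post tweets, upload media. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 257 total downloads so far.
How do I install Wip Xai X Private?
Run the command "/install wip-xai-x" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is Wip Xai X Private free?
Yes. Wip Xai X Private is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Wip Xai X Private support?
Wip Xai X Private is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Wip Xai X Private?
It is developed and maintained by Parker Todd Brooks (@parkertoddbrooks); the current version is v1.0.4.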