X-CLI Toolkit

Full-featured X/Twitter toolkit — read, search, post, interact, DMs, lists, polls, trends. Cookie auth, proxy support, no API keys needed.

This skill appears to do what it says, but exercise caution before installing or using it with your real X account. Key points: - The tool authenticates with either a cookies.json file or username/password stored in config.json. Do NOT paste your account password into a chat with an agent unless you fully trust that agent and environment. - cookies.json contains session tokens that function like passwords; if created, they live in the skill directory and could be read by other processes/users on the machine. Prefer using a throwaway/X test account rather than your primary account. - The README explicitly suggests instructing the agent to clone/install and supply credentials automatically — this is convenient but high-risk. If you use the skill, require manual confirmation before the agent runs login/posting commands and avoid giving credentials via conversational channels. - The code depends on twikit which uses private web GraphQL endpoints (not official API). This can break or violate X's terms of service; consider legal/TOS implications. - If you decide to proceed: review the included scripts (they are present and readable), run them in an isolated environment, inspect the twikit package you install, and avoid running on a shared host. If you want safer usage, consider limiting the skill’s autonomous invocation or using a dedicated account and rotating credentials.

Type: OpenClaw Skill Name: x-cli Version: 1.0.0 The OpenClaw x-cli skill is classified as suspicious due to its broad range of powerful capabilities that, while intended for X/Twitter interaction, could be misused by a compromised or misdirected AI agent. Specifically, `scripts/x_extra.py` allows uploading arbitrary files, `scripts/x_post.py` enables posting content, `scripts/x_interact.py` can delete tweets or block users, and `scripts/x_dm.py` can send and read direct messages. While the skill itself does not exhibit malicious intent (e.g., no data exfiltration to external endpoints, no persistence mechanisms), these functionalities represent significant risks if the agent's instructions are subverted or if it's prompted to perform harmful actions. The handling of X/Twitter credentials in `scripts/x_auth.py` and `scripts/x_utils.py` via `config.json` and `cookies.json` is necessary for its operation and confined to the skill's directory, but still involves sensitive data.