← 返回 Skills 市场
patches429

X Manager

作者 Parker · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
337
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install x-manager
功能描述
Manage X (Twitter) accounts — post tweets, like, reply, retweet, view timeline, search, auto-interact, analyze data.
安全使用建议
This skill appears to do what it says, but check these things before installing: 1) It expects per-user credential files in credentials/{USER_ID}.json — ensure you are comfortable storing API keys in that location and protect that directory. 2) The SKILL metadata lists TWITTER_* env vars but the scripts ignore them — decide whether you prefer env-based or file-based credentials and adjust accordingly. 3) The scripts use the 'requests' library and optionally a 'twitterv2' client but no install steps are provided; ensure your environment has those packages. 4) Verify the Twitter API tier and tokens you provide are appropriate (some endpoints require elevated privileges). 5) Note a stray string referencing storyclaw.com in an error message — benign by itself, but if you need external hosting or redirects, confirm the origin. If you want higher assurance, ask the author for a documented install/requirements file and clarify whether env vars or credential files are the intended auth mechanism.
功能分析
Type: OpenClaw Skill Name: x-manager Version: 0.1.0 The skill provides legitimate Twitter management functionality but contains a path traversal vulnerability across all script files (e.g., scripts/post_tweet.py, scripts/get_timeline.py, scripts/search_tweets.py). The `user_id` command-line argument is used directly to construct file paths for loading credentials (e.g., `credentials/{user_id}.json`) without sanitization, which could allow an attacker to access or verify the existence of arbitrary JSON files on the system. While the code aligns with its stated purpose, this vulnerability represents a significant security flaw.
能力评估
Purpose & Capability
Name/description match the code and required credentials: the scripts implement posting, liking, replying, retweeting, timeline and search using Twitter API calls and per-user credentials.
Instruction Scope
SKILL.md and scripts confine actions to Twitter API calls and per-user credential files under credentials/{USER_ID}.json. Minor scope mismatches: SKILL.md lists env var usage as an alternative, but the scripts always load credentials from credentials/{USER_ID}.json (they do not read TWITTER_* env vars). No instructions attempt to read unrelated system files or exfiltrate data to external endpoints.
Install Mechanism
Instruction-only skill with no install spec (no code downloaded at install time). Scripts import requests and optionally a 'twitterv2' library; the skill does not declare these Python deps, so the environment must already provide them. This is a usability/robustness omission, not an obvious security hazard.
Credentials
Declared required env vars are all Twitter-related and appropriate for the stated purpose. However, the code does not actually read those env vars and instead requires per-user credential files, so the metadata's required-env list is inconsistent with implementation — a minor coherence issue but not direct evidence of malicious intent.
Persistence & Privilege
Skill is not always-enabled and is user-invocable; it does not request system-wide config changes or other skills' credentials. It stores/reads credentials in its own credentials/ directory as expected for a multi-user skill.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install x-manager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /x-manager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of x-manager. - Manage X (Twitter) accounts: post tweets, like, reply, retweet, view timeline, search, auto-interact, and analyze data. - Supports multi-user credentials with environment variable or JSON file binding. - Provides scripts for posting, engaging with tweets, and retrieving timelines or search results. - Auto-interaction workflow configurable per user. - Handles API rate limits, authentication errors, and tweet length issues. - Notes feature and limitation differences by Twitter API tier.
元数据
Slug x-manager
版本 0.1.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

X Manager 是什么?

Manage X (Twitter) accounts — post tweets, like, reply, retweet, view timeline, search, auto-interact, analyze data. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 337 次。

如何安装 X Manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-manager」即可一键安装,无需额外配置。

X Manager 是免费的吗?

是的,X Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

X Manager 支持哪些平台?

X Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 X Manager?

由 Parker(@patches429)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论