← 返回 Skills 市场
X OAuth API
作者
Neal Meyer
· GitHub ↗
· v1.1.0
· MIT-0
1335
总下载
2
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install x-oauth-api
功能描述
Post to X (Twitter) using the official OAuth 1.0a API. Use when asked to "post to X", "tweet this", "post on Twitter", create threads, delete tweets, or chec...
安全使用建议
What to check before installing:
- Verify you are comfortable providing a dedicated X (Twitter) app's OAuth credentials; these tokens grant full ability to post/delete as that account. Use a dedicated app and tokens, not high-privilege or shared keys.
- The package contains Node code and a package.json (node >=16) but the skill metadata does not declare Node as a required binary or provide an install step. Make sure your environment has Node and install dependencies (npm install) before expecting the CLI to work.
- The included scripts will create logs and state files under $HOME/.openclaw/x-poster and $HOME/.openclaw/heartbeat (or the path you set with OPENCLAW_STATE_DIR). If you do not want files written there, inspect and modify scripts first or run in an isolated container/VM.
- Automation capability: generic-post.sh is a template for automated posting. Do not schedule or enable it unless you review and customize get_content() to avoid accidental or unwanted posts.
- Review the code (bin/x.js, the shell scripts) yourself; the code appears to only contact api.twitter.com and read env vars, but you should verify there are no hidden endpoints or unexpected network calls in the runtime you will use.
- As a precaution, test with a throwaway or low-privilege account/app, and rotate credentials after testing if you suspect exposure.
If you want me to, I can: (a) extract and show the exact lines that create files/dirs, (b) produce a minimal checklist to safely run this skill inside a container, or (c) search the code for any network calls beyond api.twitter.com.
功能分析
Type: OpenClaw Skill
Name: x-oauth-api
Version: 1.1.0
The skill is a standard implementation for interacting with the X (Twitter) API v2 using OAuth 1.0a. It provides a Node.js CLI (bin/x.js) and helper shell scripts (generic-post.sh, heartbeat.sh) for posting tweets, managing threads, and checking account status. The code correctly handles sensitive credentials via environment variables without evidence of exfiltration, and the dependencies (twitter-api-v2, commander, dotenv) are industry-standard for this functionality.
能力评估
Purpose & Capability
Name, description, CLI commands, and the code (bin/x.js) all align: the skill posts tweets, threads, deletes tweets, and queries account/mentions/search via X API v2 using OAuth 1.0a. The required environment variables (the four OAuth values) are exactly what the code uses.
Instruction Scope
Runtime instructions and README correctly describe using environment variables and direct requests to api.twitter.com. However, included helper scripts (generic-post.sh, heartbeat.sh) create state and log files under $HOME/.openclaw/... (or $OPENCLAW_STATE_DIR) and are designed for automated posting/monitoring. SKILL.md and registry metadata did not declare these state/config paths; users should be aware the skill will write logs and state files and can be used to automate posts.
Install Mechanism
There is no install specification in the registry metadata even though the bundle contains node code (bin/x.js), package.json, and package-lock.json with npm dependencies. The skill metadata lists no required binaries, but the code requires Node (package.json specifies node >=16) and uses npm packages. This mismatch (no declared Node/runtime requirement or install steps) is an incoherence and could cause surprises or failed installations.
Credentials
The skill only requests the four OAuth environment variables required for OAuth 1.0a (consumer key/secret and access token/secret). An optional X_USER_ID is referenced but not required. No unrelated credentials or secrets are requested.
Persistence & Privilege
The skill does not request 'always: true' or elevated platform privileges. It does, however, persist state and logs to user-writable directories (~/.openclaw/...). The presence of automation templates (generic-post.sh) and a heartbeat script means this package is set up to run recurring/automated posts if a user enables or schedules those scripts — consider this before enabling automation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install x-oauth-api - 安装完成后,直接呼叫该 Skill 的名称或使用
/x-oauth-api触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Fix YAML description to use trigger-phrase format (Use when/NOT for). Add Gotchas: free tier limits, credential rotation, trailing newline auth failures, per-endpoint rate limits, permissions order.
v1.0.0
Initial release - post tweets, threads, account lookup. Free tier compatible.
元数据
常见问题
X OAuth API 是什么?
Post to X (Twitter) using the official OAuth 1.0a API. Use when asked to "post to X", "tweet this", "post on Twitter", create threads, delete tweets, or chec... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1335 次。
如何安装 X OAuth API?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-oauth-api」即可一键安装,无需额外配置。
X OAuth API 是免费的吗?
是的,X OAuth API 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
X OAuth API 支持哪些平台?
X OAuth API 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 X OAuth API?
由 Neal Meyer(@ngmeyer)开发并维护,当前版本 v1.1.0。
推荐 Skills