← 返回 Skills 市场
zaaachary

X Twitter

作者 Zaaachary · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
1210
总下载
2
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install x-twitter-api
功能描述
X (Twitter) API client for searching tweets, retrieving article content, and fetching trending topics. Supports both Bearer Token (app-only) and OAuth 2.0 authentication.
安全使用建议
This skill appears to do what it says: three Python scripts that call X's API using a bearer token. Before installing or running: 1) Confirm you are comfortable storing X_BEARER_TOKEN in your environment (anyone with the token can access your app-level API). 2) Note the SKILL.md claim about OAuth 2.0 is not implemented in the scripts — if you need user-auth flows, this package doesn't provide them. 3) Review the scripts (they are short) before running and consider running them in an isolated environment; they only connect to https://api.x.com/2 and optionally write results to files you specify. 4) Be aware some endpoints (trends) may require a paid tier; check your token permissions and rate limits. If you need the skill to support OAuth flows or to avoid storing long-lived tokens in env vars, ask the author for clarification or an updated release.
功能分析
Type: OpenClaw Skill Name: x-twitter-api Version: 1.0.1 The skill bundle is suspicious due to a path traversal vulnerability in all three Python scripts (`scripts/get_article.py`, `scripts/get_trends.py`, `scripts/search_tweets.py`). The `--save` argument, which allows users to specify an output file, does not sanitize input, potentially allowing an attacker to write arbitrary JSON content to any file on the system where the agent has write permissions (e.g., `../../../../etc/passwd`). There is no evidence of intentional malicious behavior like data exfiltration to external endpoints, backdoors, or prompt injection against the agent.
能力评估
Purpose & Capability
Name/description match the code: scripts perform tweet search, article/tweet retrieval, and trends using X API v2. Minor inconsistency: SKILL.md / description say the skill “supports both Bearer Token (app-only) and OAuth 2.0”, but the included scripts only use a bearer token (X_BEARER_TOKEN) and do not implement an OAuth flow. Also the registry summary above listed “Required env vars: none” while the package declares a primary credential X_BEARER_TOKEN and SKILL.md instructs users to set it.
Instruction Scope
SKILL.md and the scripts only direct the agent/user to run the included Python scripts, set X_BEARER_TOKEN, call https://api.x.com/2 endpoints, and optionally save outputs to files. The instructions do not ask the agent to read arbitrary host files, other credentials, or exfiltrate data to unexpected endpoints.
Install Mechanism
No install spec; the skill is instruction-first and bundles small Python scripts. There are no remote downloads, installers, or extracted archives. Required runtime is just python3 and the requests library (imported in scripts), which is expected for these scripts.
Credentials
Only a single credential (X_BEARER_TOKEN) is used as the primary credential. That is proportionate to a client that makes authenticated calls to the X API. No unrelated secrets or config paths are requested.
Persistence & Privilege
always: false and disable-model-invocation: false (standard). The skill does not request permanent system-wide changes, nor does it modify other skills' configs. It only reads X_BEARER_TOKEN and writes user-specified output files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install x-twitter-api
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /x-twitter-api 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Fix: Add 'article' field to tweet.fields API parameter to retrieve full article content via X API v2
v1.0.0
- Initial release of the x-twitter API skill. - Provides scripts to search tweets, retrieve article/tweet content, and fetch trending topics from X (Twitter). - Supports Bearer Token and OAuth 2.0 authentication. - Includes usage examples, advanced query operators, and output/export options. - Handles API errors and rate limits with automatic retry logic. - Detailed setup and API limit information included in documentation.
元数据
Slug x-twitter-api
版本 1.0.1
许可证
累计安装 5
当前安装数 3
历史版本数 2
常见问题

X Twitter 是什么?

X (Twitter) API client for searching tweets, retrieving article content, and fetching trending topics. Supports both Bearer Token (app-only) and OAuth 2.0 authentication. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1210 次。

如何安装 X Twitter?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-twitter-api」即可一键安装,无需额外配置。

X Twitter 是免费的吗?

是的,X Twitter 完全免费(开源免费),可自由下载、安装和使用。

X Twitter 支持哪些平台?

X Twitter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 X Twitter?

由 Zaaachary(@zaaachary)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论