← 返回 Skills 市场
abdelkrim

X/Twitter by altf1be

作者 Abdelkrim from Brussels · GitHub ↗ · v1.1.3 · MIT-0
cross-platform ⚠ suspicious
929
总下载
1
收藏
3
当前安装
7
版本数
在 OpenClaw 中安装
/install x-twitter-by-altf1be
功能描述
Post tweets, threads, and media to X/Twitter via API v2 — secure OAuth 1.0a signing, minimal dependencies (commander + dotenv only).
安全使用建议
This skill appears to do exactly what it claims: post tweets/threads and upload media using your X/Twitter OAuth keys. Before installing: (1) Verify you trust the skill source (GitHub link in metadata). (2) Keep the four OAuth secrets private (store in .env, do not commit). (3) Run npm install in an isolated environment if you are cautious — package-lock.json is present and shows only 'commander' and 'dotenv'. (4) Note the script will read media files you explicitly pass; it enforces path and extension checks (only under home/working-dir/tmp and common image/video extensions). (5) The README mentions a Bearer Token but the code does not use one — expect only OAuth consumer/access keys. Rotate keys if you later revoke access. If you want additional assurance, review the full scripts/xpost.mjs file before running and test with a throwaway/test account first.
功能分析
Type: OpenClaw Skill Name: x-twitter-by-altf1be Version: 1.1.3 The skill provides a well-structured CLI for interacting with the X (Twitter) API v2. The implementation in `scripts/xpost.mjs` includes proactive security measures, such as a `validateFilePath` function that prevents Local File Inclusion (LFI) by restricting file access to specific allowed directories and blocking sensitive paths like `.ssh`, `.env`, and `/etc/`. It uses standard OAuth 1.0a signing via built-in Node.js crypto modules and maintains a minimal dependency footprint (only `commander` and `dotenv`).
能力评估
Purpose & Capability
Name/description (post tweets/threads/media) matches the code and required environment variables (X_CONSUMER_KEY, X_CONSUMER_SECRET, X_ACCESS_TOKEN, X_ACCESS_TOKEN_SECRET). No unrelated credentials or external services are requested.
Instruction Scope
SKILL.md only instructs installing dependencies and running the included CLI. The runtime instructions and the script operate only on user-provided content and the four OAuth env vars. Minor documentation mismatch: README mentions a 'Bearer Token' in prerequisites, but neither SKILL.md nor the code use a bearer token (the script uses OAuth 1.0a and v1.1 upload endpoints for media).
Install Mechanism
No install spec in registry (instruction-only), but SKILL.md/README instructs 'npm install' which will pull 'commander' and 'dotenv' from the npm registry. This is expected for a Node CLI but carries the usual moderate risk of fetching packages from npm; package-lock.json is included and shows concrete versions.
Credentials
Only the four OAuth secrets required are declared and used by the code; these are proportionate to posting tweets and uploading media. The skill does not request unrelated secrets or system credentials.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. It does not modify other skill configs or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install x-twitter-by-altf1be
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /x-twitter-by-altf1be 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.3
Fix: remove dead bearerToken code path, fix description inconsistency (was claiming no deps), align versions across files
v1.1.2
Fix: replace dynamic env access with explicit named env vars to avoid false positive security flag
v1.1.1
Re-publish with CLI v0.8.0 to fix blocked status (issue #669)
v1.1.0
Re-publish with updates
v1.0.2
Fix LFI vulnerability: validate file paths for --media and --file options with directory allowlist, sensitive path blocking, and media extension enforcement
v1.0.1
Fix: remove unused deps (crypto, oauth-1.0a), make bearer token optional, accurate security claims
v1.0.0
Initial release: tweet, thread, media, verify via X API v2 with OAuth 1.0a
元数据
Slug x-twitter-by-altf1be
版本 1.1.3
许可证 MIT-0
累计安装 4
当前安装数 3
历史版本数 7
常见问题

X/Twitter by altf1be 是什么?

Post tweets, threads, and media to X/Twitter via API v2 — secure OAuth 1.0a signing, minimal dependencies (commander + dotenv only). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 929 次。

如何安装 X/Twitter by altf1be?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-twitter-by-altf1be」即可一键安装,无需额外配置。

X/Twitter by altf1be 是免费的吗?

是的,X/Twitter by altf1be 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

X/Twitter by altf1be 支持哪些平台?

X/Twitter by altf1be 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 X/Twitter by altf1be?

由 Abdelkrim from Brussels(@abdelkrim)开发并维护,当前版本 v1.1.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论