← 返回 Skills 市场
feiskyer

xfetch

作者 Pengfei Ni · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
369
总下载
1
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install xfetch
功能描述
Use xfetch CLI to fetch X/Twitter data - tweets, user profiles, search results, timelines, lists, DMs, and notifications. Use this skill whenever you need to...
安全使用建议
This SKILL.md is coherent with a cookie-based X/Twitter scraper, but it requires reading browser cookies/profiles (sensitive) and implies using an npm package (@lxgic/xfetch) from an unknown source. Before installing or using it: 1) Confirm where the 'xfetch' binary would come from and review the npm package source and maintainer; 2) Consider the privacy risk of allowing access to your browser profile/cookies and DMs — don't run it on machines with sensitive accounts; 3) Prefer using official APIs with scoped credentials where possible; 4) If you must run it, do so in an isolated environment (VM/container) and inspect where it stores auth tokens and any downloaded code; 5) Be aware this may violate X/Twitter terms of service and could expose private messages and tokens if misused.
功能分析
Type: OpenClaw Skill Name: xfetch Version: 1.0.0 The xfetch skill provides an AI agent with the capability to extract sensitive browser cookies (via `xfetch auth extract`) and access private user data including Direct Messages and notifications. While these features are aligned with the stated purpose of a Twitter scraper, the ability to programmatically retrieve browser credentials and private communications poses a high risk for data exfiltration and credential theft if the agent is manipulated. No explicit malicious exfiltration endpoints or obfuscated commands were found in the SKILL.md or _meta.json files.
能力评估
Purpose & Capability
The name/description state the tool fetches X/Twitter data and the SKILL.md describes exactly that (tweets, profiles, DMs, notifications, exports). The requested capabilities (cookie-based auth, pagination, output formats) are coherent with a scraper CLI.
Instruction Scope
The SKILL.md explicitly instructs extracting cookies from the user's browser (chrome/firefox/safari/arc/brave and specific profiles), setting auth tokens, reading/writing cursor state and output DB/files, and accessing DMs and bookmarks. Those actions require reading local browser profile data and writing local files — sensitive operations not declared elsewhere. The instructions also allow proxy URLs with credentials and proxy-file rotation, which could cause credential handling/storage concerns.
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself, but the markdown references running the CLI via 'npx @lxgic/xfetch' / 'bunx @lxgic/xfetch' and says it's installed globally as 'xfetch'. That implies runtime downloading/executing an npm package from an external registry (supply-chain risk). The skill does not supply a vetted install source or verify package integrity.
Credentials
requires.env is empty, but the instructions require access to local browser cookies/profiles and accept proxy URLs (which can include credentials). The skill can store auth tokens and output files. These are highly sensitive capabilities relative to the simple 'fetch tweets' description and should be explicitly declared and justified.
Persistence & Privilege
The skill is not marked 'always:true' and is user-invocable; it does instruct saving and clearing its own auth state but does not request persistent platform privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with an 'always' flag.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install xfetch
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /xfetch 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of xfetch – a CLI tool for scraping and exporting X/Twitter data using browser cookies. - Fetch tweets, user profiles, threads, timelines, lists, DMs, and notifications via simple CLI commands. - Flexible authentication using browser cookie extraction or manual token entry. - Extensive pagination and formatting options: output as JSON, JSONL, CSV, or directly to SQLite. - Supports timeline, search, user lookup, likes, bookmarks, lists, followers, DMs, and notifications. - Includes options for proxies, request delay, color control, and error recovery via query ID refresh.
元数据
Slug xfetch
版本 1.0.0
许可证
累计安装 3
当前安装数 2
历史版本数 1
常见问题

xfetch 是什么?

Use xfetch CLI to fetch X/Twitter data - tweets, user profiles, search results, timelines, lists, DMs, and notifications. Use this skill whenever you need to... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 369 次。

如何安装 xfetch?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install xfetch」即可一键安装,无需额外配置。

xfetch 是免费的吗?

是的,xfetch 完全免费(开源免费),可自由下载、安装和使用。

xfetch 支持哪些平台?

xfetch 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 xfetch?

由 Pengfei Ni(@feiskyer)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论