0xnyk

Xint

Author 0xNyk · GitHub ↗ · v2026.2.26 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 1081
Favorites: 3
Current installs: 6
Versions: 18
Install in OpenClaw
/install xint
Description
X Intelligence CLI — search, analyze, and engage on X/Twitter from the terminal. Use when: (1) user says "x research", "search x for", "search twitter for",...
Security Usage Recommendations
This package appears to be a full-featured X/Twitter CLI (search, watch, OAuth, xAI analysis) and the code and README substantiate that. However:
(1) the platform metadata claims 'instruction-only' and 'no required env vars' while SKILL.md and the code require an X_BEARER_TOKEN and optionally xAI and OAuth keys — treat that mismatch as a red flag;
(2) the repo includes an installer (install.sh) and many code files, so don't assume it's a lightweight instruction-only skill;
(3) a prompt-injection pattern was flagged in SKILL.md — audit agent-facing instruction text if you plan to let an automated agent use this skill.
Recommended steps before installing/using: verify the upstream GitHub repository and owner, inspect install.sh and xint.ts locally (don't run curl|bash blindly), confirm the code only calls the documented X/xAI endpoints (api.x.com, x.com, api.x.ai), run in an isolated environment or container, never provide credentials to unknown hosts, set XINT_MCP_AUTH_TOKEN before enabling MCP on non-loopback hosts, and prefer manual invocation rather than granting autonomous model invocation until you are satisfied with the code and metadata alignment.
Functional Analysis
Type: OpenClaw Skill
Name: xint
Version: 2026.2.26
The xint skill bundle is a highly sophisticated and well-engineered CLI tool for X (Twitter) intelligence and research. It features robust integrations with the X API v2 and xAI's Grok models, including an MCP server for AI agent interaction. Security practices are consistently applied throughout the codebase: OAuth tokens are stored with restrictive permissions (chmod 600 in lib/oauth.ts), remote webhooks are restricted to HTTPS with optional host allowlisting (lib/webhook-security.ts), and the MCP server enforces authentication for non-loopback connections (lib/mcp.ts). The logic is transparent, well-tested, and strictly aligned with the stated purpose of OSINT and engagement.
Capability Assessment
Purpose & Capability
SKILL.md, README, and the included TypeScript code implement an X/Twitter CLI (search, watch, OAuth, Grok AI integration, MCP server), which is coherent with the stated purpose. However the registry metadata at the top of the submission claims 'instruction-only' with no required env vars / credentials while SKILL.md and the code require X_BEARER_TOKEN (primary) and optionally XAI_API_KEY, X_CLIENT_ID, and others. That mismatch between declared requirements and actual files is a packaging/metadata inconsistency that could mislead installers.
Instruction Scope
The SKILL.md instructs agents and users to set X_BEARER_TOKEN, run Bun scripts, start an optional local MCP server, and may write caches/exports/oauth tokens to data/. Those instructions stay within the CLI's stated scope, and they explicitly call out security controls (chmod 600, webhook allowlists). However SKILL.md is agent-facing (tells AI agents to read and run commands) and a pre-scan detected a 'system-prompt-override' pattern in the SKILL.md — while the file content shown does not contain an explicit malicious system-prompt string, the presence of that pattern raises caution about prompt-injection style guidance embedded for agents.
Install Mechanism
There is no 'install spec' in the registry, but the repository includes an install.sh installer that downloads a GitHub release tarball and extracts it (uses GitHub releases and verifies checksums if available). Downloading from GitHub releases is a standard pattern (lower risk than arbitrary URLs), but the initial top-level metadata claiming 'instruction-only' contradicts the presence of this installer and many code files — the mismatch is noteworthy and increases risk if users expect no code execution. The README also suggests curl|bash install from raw.githubusercontent which is a higher-risk installation pattern; the script itself is reasonably defensive (checksum checks optional).
Credentials
The required credentials listed in SKILL.md (X_BEARER_TOKEN required; XAI_API_KEY, X_CLIENT_ID, XAI_MANAGEMENT_API_KEY optional) are proportional to the described features (API search, OAuth write actions, xAI analysis). However the registry summary that was supplied to the platform omitted these required env vars and primary credential, creating an inconsistency: the platform metadata claims 'none' while the skill code and SKILL.md require secrets. That discrepancy is a significant red flag because security decisions (scoping, review) may rely on accurate metadata.
Persistence & Privilege
The skill does not request 'always: true' and SKILL.md indicates network endpoints are limited to X and xAI endpoints. It optionally runs an MCP server (local by default binding to loopback) and stores data under its own data/ directory; OAuth tokens are stored locally with advised restrictive permissions. Those behaviors are normal for a CLI of this kind. Because the skill can be used as an agent tool (MCP), ensure the MCP server is only bound to loopback or protected with a strong XINT_MCP_AUTH_TOKEN if exposed.
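How to Use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install xint
  3. Once installation completes, invoke the Skill by name or trigger it with /xint
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version History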
v2026.2.26
xint 2026.2.26
- Major internal expansion: 10 new modules added for analytics, timeline, growth, users, completions, and more.
- Improved documentation: Updated usage info and expanded supported user intents, including Obsidian bookmark sync.
- Various enhancements to reporting, sentiment analysis, formatting, and user engagement features.
- Old security scan report removed; package metadata updated.
- Numerous stability, collection handling, and API integration improvements.
v2026.2.25
xint 2026.2.25
- Added GitHub workflow and configuration files for CI, release draft, security auditing, and nightly regression.
- Introduced a dedicated error handling module (`lib/errors.ts`).
- Expanded documentation and security notices in SKILL.md.
- Updated install and release scripts with improvements.
- Refactored and enhanced core libraries for action results, billing, cost tracking, and Grok/AI integration.
- Improved environment variable and credential management logic.
v2026.2.24
Fix X native article fetch: use tweet.fields=article API field instead of Grok web_search
v2026.2.20-2
Release v2026.2.20.2
v2026.2.19-3
Release v2026.2.19.3
v2026.2.19-2
Release v2026.2.19.2
v2026.2.19-1
Release v2026.2.19.1
v2026.2.18-11
Release v2026.2.18.11
v2026.2.18-10
Release v2026.2.18.10
v2026.2.18-9
Release v2026.2.18.9
v2026.2.18-8
Release v2026.2.18.8
v2026.2.18-3
Release v2026.2.18.3
v2026.2.18-2
Release v2026.2.18.2
v2026.2.18
Release v2026.2.18
v2026.2.17
Phase 2: Article AI analysis + security docs
v3.1.0
Phase 2: Article AI analysis + security docs
v3.0.0
xint 3.0.0
- Added `article` command to fetch and extract full article content from any URL using xAI's web_search tool.
- Search results now display article titles and descriptions when available, helping users decide which articles to read in full.
- Documented required credentials and scopes for all features in SKILL.md.
- Added multiple new files including article extraction module, example watchlist, API reference, and scripts for xAI integrations.
- Improved documentation with enhanced usage examples, full credential descriptions, and best practices for agent usage.
- Internal refactor and expansion of the codebase to support new features and better organization.
v0.1.0
xint 0.1.0 — Initial Release
- Introduces the X Intelligence CLI for searching, analyzing, and engaging with X/Twitter data from the terminal.
- Supports powerful search with advanced filters (by likes, impressions, recency, author, etc.) and research-friendly exports (CSV, JSON, Markdown).
- Adds commands for fetching user profiles, tweet threads, and single tweet details.
- Enables real-time topic monitoring, trending topic search by location, follower tracking, and cost tracking.
- Built-in Grok AI analysis: both on-demand queries and sentiment analysis of tweets.
- Full bookmark, like, and following management (requires OAuth).
- Integrates with xAI Collections for report archiving and semantic search.
- All functionality accessible via documented CLI, with flexible output and automation options.
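Metadata
Slug: xint
Version: 2026.2.26
License: MIT-0
Total installs: 7
Current installs: 6
Historical versions: 18
FAQ

What is Xint?

X Intelligence CLI — search, analyze, and engage on X/Twitter from the terminal. Use when: (1) user says "x research", "search x for", "search twitter for",... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1081 total downloads so far.

How do I install Xint?

Run the command "/install xint" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Xint free?

Yes, Xint is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Xint support?

Xint runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Xint?

It is developed and maintained by 0xNyk (@0xnyk); the current version is v2026.2.26.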
