← Back to Skills Marketplace
X (Twitter) Data Scraper
by
lamtest556-blip
· GitHub ↗
· v1.0.1
· MIT-0
99
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install claude-code-x-scraper
Description
X (Twitter) data extraction and analysis. Use when user asks to "get tweets from @username", "search X for", "analyze Twitter data", "fetch tweets about [top...
README (SKILL.md)
X (Twitter) Data Scraper
Extract and analyze X/Twitter data programmatically.
When to Use
- Fetch tweets from a specific user
- Search X for keywords/topics
- Analyze Twitter data and sentiment
- Monitor social media trends
Quick Start
# Get user tweets
python3 scripts/get_user_tweets.py elonmusk 20
# Search for topic
python3 scripts/search_tweets.py "machine learning" 30
Setup
Credentials: Create ~/.openclaw/credentials/x_api_tokens.env:
X_BEARER_TOKEN=Bearer YOUR_TOKEN_HERE
Get token: https://developer.twitter.com/en/portal/dashboard
Scripts
| Script | Purpose |
|---|---|
get_user_tweets.py |
Fetch user timeline |
search_tweets.py |
Search by keyword |
fetch_x_playwright.py |
Browser-based scraping |
x_api_client.py |
API client module |
Advanced Search
# Exclude replies/retweets
python3 scripts/get_user_tweets.py elonmusk 20 --no-replies --no-retweets
# Complex search
python3 scripts/search_tweets.py "(AI OR ML) from:elonmusk lang:en" 20
Troubleshooting
- 401 Unauthorized: Check Bearer token format
- 403 Forbidden: Search API needs Elevated access
- 429 Rate Limited: Wait 15 minutes
License
MIT
Usage Guidance
What to consider before installing/running:
- The skill's metadata claims no credentials, but its README/SKILL.md and code require an X API bearer token (X_BEARER_TOKEN) and the Playwright scraper expects a cookies file. This mismatch is a red flag: the registry info should list required secrets. Treat the package as requiring secrets even if metadata omits them.
- The Playwright scraper loads cookies from a hardcoded root path (/root/cookies_fixed.json) and CAPABILITY.md references /root paths and a login credentials file. Running these scripts with real cookies or account credentials can expose those secrets; do not point them at your primary account credentials. Prefer using a throwaway/test account or only use API tokens with limited scope.
- The code accepts HTTPS_PROXY / https proxy environment variables. If you set a proxy, traffic (including bearer tokens) could be routed through that proxy—ensure it is trusted.
- There are several documentation mismatches (missing script names, differing credential filenames). This indicates sloppy packaging; ask the publisher for clarification or a corrected manifest before trusting the skill with sensitive credentials.
- If you still want to use it: inspect and run the code in an isolated environment (sandbox, VM, or container), avoid providing your primary X/Twitter credentials, and prefer using only the API bearer token stored in a limited-permission place. Remove or change hardcoded paths (/root/...) to a safe location you control.
What would reduce concern: a corrected registry manifest that explicitly lists required env vars (X_BEARER_TOKEN), a clear explanation of cookie usage and the exact cookie file path, removal of hardcoded /root paths (or explicit documentation explaining why they are used), and an owning homepage/author identity you can verify.
Capability Analysis
Type: OpenClaw Skill
Name: claude-code-x-scraper
Version: 1.0.1
The skill bundle provides a functional X (Twitter) data extraction tool using both the official X API and Playwright-based browser automation. It handles authentication via standard environment variables and local credential files (~/.openclaw/credentials/). While there are minor documentation inconsistencies (e.g., referencing scripts/fetch_user_tweets.py instead of scripts/get_user_tweets.py) and hardcoded environment-specific paths like /root/cookies_fixed.json, these appear to be unintentional bugs or configuration defaults rather than malicious intent. No evidence of data exfiltration, unauthorized execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
The skill's name/description match the included code (API client, search, user timeline, and a Playwright scraper). However registry metadata claims no required env vars or credentials while README/SKILL.md/CODE expect an X_BEARER_TOKEN or credential files; CAPABILITY.md also references username/password and cookie files. These undocumented credentials in metadata are an incoherence.
Instruction Scope
Runtime instructions and code instruct creating/reading credential files (~/.openclaw/credentials/x_api_tokens.env) and the Playwright script loads cookies from a hardcoded path (/root/cookies_fixed.json). CAPABILITY.md also references /root/.openclaw/credentials/x_login_credentials.env and COOKIES_FILE=/root/cookies.json. The skill therefore reads local secret files and a cookies file; these operations go beyond simple 'call the API' and could expose sensitive tokens/cookies if misused. There are also mismatches in referenced script names (CAPABILITY.md refers to fetch_user_tweets.py which is absent).
Install Mechanism
This is an instruction-only skill with no install spec (no downloaded archives or package installs). Included code files run as-is; there is no installer that pulls remote binaries. That lowers install-time risk, but executing the scripts will run network and file I/O.
Credentials
Although registry metadata lists no required env vars, the code and docs expect X_BEARER_TOKEN (and optionally cookie/login credentials). CAPABILITY.md suggests username/password and a cookies file. Asking for bearer tokens or cookies is reasonable for a Twitter scraper, but the skill's metadata failing to declare them is incoherent. The code also respects HTTPS_PROXY which could be misconfigured to route traffic through an attacker-controlled proxy if an operator sets it. The hardcoded /root cookie path suggests privileged file access assumptions.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or agent-wide settings. It simply contains scripts that run when invoked. No elevated platform privileges are declared.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install claude-code-x-scraper - After installation, invoke the skill by name or use
/claude-code-x-scraper - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Added README.md and test suite
v1.0.0
Initial release: X (Twitter) data extraction and analysis toolkit.
- Fetch tweets from user timelines or by keyword/topic.
- Analyze Twitter data, perform sentiment analysis, and monitor trends.
- Supports script-based workflows with quick start examples.
- Includes API and browser-based scraping options.
- Detailed setup instructions and troubleshooting tips provided.
Metadata
Frequently Asked Questions
What is X (Twitter) Data Scraper?
X (Twitter) data extraction and analysis. Use when user asks to "get tweets from @username", "search X for", "analyze Twitter data", "fetch tweets about [top... It is an AI Agent Skill for Claude Code / OpenClaw, with 99 downloads so far.
How do I install X (Twitter) Data Scraper?
Run "/install claude-code-x-scraper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is X (Twitter) Data Scraper free?
Yes, X (Twitter) Data Scraper is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does X (Twitter) Data Scraper support?
X (Twitter) Data Scraper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created X (Twitter) Data Scraper?
It is built and maintained by lamtest556-blip (@lamtest556-blip); the current version is v1.0.1.
More Skills