X/Twitter Automation: 30+ APIs, OAuth Post, One Key

What to consider before installing: - Trust model: this skill proxies all Twitter/X reads and writes through a third‑party relay (api.aisa.one). Installing it means your AISA_API_KEY will be used to query and to publish via that service — only install if you trust aisa.one and its security/privacy practices. - Secret power: the single AISA_API_KEY is a high‑privilege credential. If leaked or misused it could allow reads and posts via the relay. Use a scoped or revocable key if possible and rotate it if you suspect compromise. - Media handling / privacy: when posting, the skill will upload local workspace files (images/videos) to the relay backend. Treat that as data exfiltration to an external service — don’t use it with sensitive files unless you’re comfortable with that transfer. - Undeclared env vars: the scripts honor TWITTER_RELAY_BASE_URL and TWITTER_RELAY_TIMEOUT (not listed in metadata). Review or set TWITTER_RELAY_BASE_URL if you want to change the target; otherwise the default points to api.aisa.one. - Posting behavior: the instructions recommend trying to post immediately for user intents to publish. Confirm whether you want the agent to attempt posting automatically; consider restricting autonomous agent actions or requiring explicit confirmation before posting live content. - Test safely: if you proceed, test with a disposable or non-production account first. Verify the OAuth flow and inspect what data is sent to the relay (especially media uploads). If you can get more info from the publisher (proof-of-ownership of aisa.one endpoints, privacy policy, or ability to use your own relay URL), that would raise confidence. Without that, treat the skill as coherent but carrying meaningful privacy and trust risks.