Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xint

v2026.2.26

X Intelligence CLI — search, analyze, and engage on X/Twitter from the terminal. Use when: (1) user says "x research", "search x for", "search twitter for",...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
SKILL.md, README, and the included TypeScript code implement an X/Twitter CLI (search, watch, OAuth, Grok AI integration, MCP server), which is coherent with the stated purpose. However the registry metadata at the top of the submission claims 'instruction-only' with no required env vars / credentials while SKILL.md and the code require X_BEARER_TOKEN (primary) and optionally XAI_API_KEY, X_CLIENT_ID, and others. That mismatch between declared requirements and actual files is a packaging/metadata inconsistency that could mislead installers.
Instruction Scope
The SKILL.md instructs agents and users to set X_BEARER_TOKEN, run Bun scripts, start an optional local MCP server, and may write caches/exports/oauth tokens to data/. Those instructions stay within the CLI's stated scope, and they explicitly call out security controls (chmod 600, webhook allowlists). However SKILL.md is agent-facing (tells AI agents to read and run commands) and a pre-scan detected a 'system-prompt-override' pattern in the SKILL.md — while the file content shown does not contain an explicit malicious system-prompt string, the presence of that pattern raises caution about prompt-injection style guidance embedded for agents.
Install Mechanism
There is no 'install spec' in the registry, but the repository includes an install.sh installer that downloads a GitHub release tarball and extracts it (uses GitHub releases and verifies checksums if available). Downloading from GitHub releases is a standard pattern (lower risk than arbitrary URLs), but the initial top-level metadata claiming 'instruction-only' contradicts the presence of this installer and many code files — the mismatch is noteworthy and increases risk if users expect no code execution. The README also suggests curl|bash install from raw.githubusercontent which is a higher-risk installation pattern; the script itself is reasonably defensive (checksum checks optional).
[!] Credentials
The required credentials listed in SKILL.md (X_BEARER_TOKEN required; XAI_API_KEY, X_CLIENT_ID, XAI_MANAGEMENT_API_KEY optional) are proportional to the described features (API search, OAuth write actions, xAI analysis). However the registry summary that was supplied to the platform omitted these required env vars and primary credential, creating an inconsistency: the platform metadata claims 'none' while the skill code and SKILL.md require secrets. That discrepancy is a significant red flag because security decisions (scoping, review) may rely on accurate metadata.
Persistence & Privilege
The skill does not request 'always: true' and SKILL.md indicates network endpoints are limited to X and xAI endpoints. It optionally runs an MCP server (local by default binding to loopback) and stores data under its own data/ directory; OAuth tokens are stored locally with advised restrictive permissions. Those behaviors are normal for a CLI of this kind. Because the skill can be used as an agent tool (MCP), ensure the MCP server is only bound to loopback or protected with a strong XINT_MCP_AUTH_TOKEN if exposed.
Scan Findings in Context
[system-prompt-override] unexpected: A prompt-injection pattern was detected in SKILL.md. The file is agent-facing and instructs agents how to use the skill; this increases the risk that an agent could be prompted to run commands not strictly necessary. The SKILL.md content shown does not contain a clear malicious system-prompt override, but the flagged pattern warrants manual review of any agent-directed instruction blocks before granting the skill autonomous action.
What to consider before installing
This package appears to be a full-featured X/Twitter CLI (search, watch, OAuth, xAI analysis) and the code and README substantiate that. However:
(1) the platform metadata claims 'instruction-only' and 'no required env vars' while SKILL.md and the code require an X_BEARER_TOKEN and optionally xAI and OAuth keys — treat that mismatch as a red flag;
(2) the repo includes an installer (install.sh) and many code files, so don't assume it's a lightweight instruction-only skill;
(3) a prompt-injection pattern was flagged in SKILL.md — audit agent-facing instruction text if you plan to let an automated agent use this skill.
Recommended steps before installing/using: verify the upstream GitHub repository and owner, inspect install.sh and xint.ts locally (don't run curl|bash blindly), confirm the code only calls the documented X/xAI endpoints (api.x.com, x.com, api.x.ai), run in an isolated environment or container, never provide credentials to unknown hosts, set XINT_MCP_AUTH_TOKEN before enabling MCP on non-loopback hosts, and prefer manual invocation rather than granting autonomous model invocation until you are satisfied with the code and metadata alignment.
Environment variable access combined with network send:
lib/api.ts:14
lib/article.ts:52
lib/billing.ts:9
lib/collections.ts:68
lib/grok.ts:78
lib/health.ts:107
lib/mcp-package-contract.test.ts:6
lib/mcp.ts:38
lib/oauth.ts:92
lib/trends.ts:144
lib/x_search.ts:70
xint.ts:1285
[!] File read combined with network send (possible exfiltration):
lib/api.ts:6
lib/article.ts:11
lib/billing.ts:5
lib/bookmark_kb.ts:49
lib/collections.ts:9
lib/followers.ts:8
lib/grok.ts:8
lib/health.ts:5
lib/mcp.ts:11
lib/oauth.ts:10
lib/trends.ts:9
lib/x_search.ts:8
xint.ts:66
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
