X Publisher
Advisory
Audited by VirusTotal on Mar 21, 2026.
Overview
Type: OpenClaw Skill
Name: x-leads-api
Version: 1.0.0

The skill bundle provides a legitimate Node.js-based CLI tool for interacting with the X (Twitter) API v2. The code in `x-api.js` uses built-in modules to handle OAuth 1.0a authentication and standard API requests, without external dependencies or suspicious network calls. While `SKILL.md` contains some functional discrepancies (it references 'schedule' commands that are not implemented in the script) and uses restrictive language to guide the AI agent, there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Impact: If invoked with the wrong text or tweet ID, the agent could publicly post, like, or delete content on the connected X account.

The CLI directly executes public account-changing actions from command arguments, including posting, liking, and deleting, with no preview or confirmation step shown in the code or instructions.

Evidence (from x-api.js):
    if (cmd === 'post') await post(args.join(' '));
    ...
    else if (cmd === 'like') await like(args[0]);
    else if (cmd === 'delete') await remove(args[0]);

Recommendation: Use only with explicit user-approved text and IDs. Add a confirmation/preview requirement for post, thread, reply, quote, like, and delete actions, especially before deletion or public posting.
Impact: Anyone, or any agent process, with these environment variables can perform the supported X account actions through this script.

The skill requires OAuth credentials that can act as the user's X account. This is expected for the stated purpose, and the reviewed code does not show hardcoded credentials or unrelated transmission.

Evidence (from the skill metadata):
    requires:
      env: [X_API_KEY, X_API_SECRET, X_ACCESS_TOKEN, X_ACCESS_SECRET]

Recommendation: Use the least-privileged X app/token available, keep tokens out of logs, and rotate or revoke them if the skill is no longer needed.
Impact: A user or agent may believe that scheduled posting is supported or that a background process exists, when the included code does not provide that capability.

SKILL.md advertises queue-and-cron scheduled posting, but the reviewed x-api.js command dispatcher only implements post, thread, reply, quote, like, delete, and timeline. This mismatch can mislead users about persistence and delayed-posting behavior.

Evidence (from SKILL.md):
    Schedule a tweet for later (saved to queue, posted by cron):

Recommendation: Remove the scheduling instructions, or add a reviewed scheduler implementation with a clear storage location, cron setup, approval rules, and cancellation controls.
