Openclaw Twitter Post Engage

Pass

Audited by ClawScan on May 4, 2026.

Overview

The skill’s behavior matches its Twitter/X posting and engagement purpose, but it can act on a real social account through AISA after user approval.

Install only if you are comfortable using the AISA relay for Twitter/X actions. Before any write action, require a clear final confirmation showing the exact post text, media paths, tweet or account target, and OAuth status. Do not approve ambiguous requests, private-file uploads, or actions on the wrong account.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved incorrectly, the agent could post content, upload media, like tweets, or follow accounts on the user’s behalf.

Why it was flagged

The skill can perform public Twitter/X write and engagement actions. This is purpose-aligned and disclosed, with explicit approval requirements, but misuse could affect the user’s public account.

Skill content

Publish text, image, and video posts after explicit OAuth approval. Like, unlike, follow, and unfollow through the engagement client once authorization exists.

Recommendation

Only approve a final confirmation artifact that names the exact action, account or tweet, text, and media files; do not allow broad or ambiguous approvals.

What this means

The configured credentials and OAuth approval allow the relay-backed client to make authorized Twitter/X requests for the user.

Why it was flagged

The skill requires an AISA API key and OAuth authorization to act through the relay. This is expected for the service integration but grants delegated account authority.

Skill content

Required env: `AISA_API_KEY` ... Obtain OAuth authorization before any write action.

Recommendation

Use only a trusted AISA key, authorize only the intended Twitter/X account, and revoke OAuth access when no longer needed.

What this means

Attached images, videos, post text, and related request data may be sent to api.aisa.one during approved posting workflows.

Why it was flagged

Approved media uploads and posting content are transmitted to the AISA relay. This is disclosed and purpose-aligned, but it sends user-selected local files/content to a third-party service.

Skill content

The Python client reads the local file and sends it to the relay backend as `multipart/form-data`.

Recommendation

Upload only files you intentionally want to publish, verify each file path in the confirmation artifact, and avoid approving private or unrelated local files.