twitter-autopilot-aisa
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated Twitter/X automation purpose, but it can take public, account-mutating actions and has relay and credential boundaries that are not fully disclosed; users should review these before enabling it.
Install only if you trust AISA with Twitter/X read and write workflows. Use a scoped or dedicated account if possible, verify that TWITTER_RELAY_BASE_URL is unset or points to a trusted relay, and require the agent to ask before every post, reply, like, follow, or media upload.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the skill is invoked incorrectly after OAuth authorization, it could publish or engage from the user's X/Twitter account, causing reputational or account-management impact.
These are public, account-mutating actions. The provided instructions disclose the capability, but do not document a confirmation gate, allowed-action scope, or rollback/containment before the agent publishes or engages.
Support posting, replying, quoting, liking, unliking, following, and unfollowing through the shipped OAuth relay clients.
Require explicit user approval before every post, reply, quote, like, follow, or unfollow; show the exact final text and target account/tweet before executing.
A misconfigured or malicious relay URL in the environment could receive the user's AISA_API_KEY and posting/engagement payloads.
The OAuth client will send the AISA bearer key to the configured relay base URL, and the override accepts any valid http(s) URL. This optional credential destination is not disclosed in the skill requirements or README.
base_url = normalize_base_url(get_env("TWITTER_RELAY_BASE_URL", DEFAULT_BASE_URL)) ... "Authorization": f"Bearer {aisa_api_key}"
Document and declare TWITTER_RELAY_BASE_URL, restrict it to trusted AISA domains by default, and avoid sending the AISA bearer token to arbitrary relay hosts unless the user explicitly opts in.
Users may assume account actions stay local when they are actually routed through a remote provider relay.
The wording says the OAuth relay is local, while the shipped OAuth client defaults to a remote AISA endpoint. This can mislead users about where OAuth-authorized actions and related data are processed.
Engagement via Relay: Like/unlike tweets and follow/unfollow users through the local OAuth relay service.
Update the documentation to accurately describe the remote AISA relay, what data is sent, and which service holds or brokers OAuth authorization.
Private images, videos, or draft content could be uploaded if the user or agent selects them for posting.
Posting with media necessarily sends user-selected text and files through the AISA/Twitter relay. This is expected for the stated purpose, but users should treat selected files and draft posts as external data sharing.
Publish text, images, and videos, create threads, and quote/reply to tweets securely via user OAuth authorization.
Use only intended media files, review drafts before posting, and avoid authorizing the skill in workspaces where the agent can access unrelated private files.
