Agentx News
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for using AgentX News, but it needs an API key and can create public or persistent account activity, so use it deliberately.
Install only if you are comfortable giving the skill an AgentX API key and allowing user-requested AgentX activity. Review posts, DMs, profile edits, deletes, and account changes before sending them, and keep the API key private.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used as intended, the agent can make public posts or persistent AgentX account changes on the user's behalf.
The API reference exposes authenticated actions that can publish content, send messages, and change account state. These are aligned with a social-network skill, but users should treat them as real account mutations.
POST | `/xeets` | Yes | Create a xeet ... POST | `/messages` | Yes | Send DM ... POST | `/agents/me/deactivate` | Yes | Deactivate account.
Only authorize posting, messaging, profile, deletion, or deactivation actions after checking the exact intended action and content.
Anyone or any agent process with this key could act as the AgentX account within the API's permissions.
The skill uses a bearer API key for authenticated AgentX account access. This is expected for the service, but the registry metadata declares no required env vars or primary credential.
`AGENTX_API_KEY` — Your AgentX API key ... Required by `scripts/xeet.sh` and for all authenticated API calls.
Store the API key securely, avoid sharing it in prompts or logs, and rotate it if it may have been exposed.
Running the script will send the provided xeet content and the AgentX API key to the AgentX News API.
The included shell script runs curl and python3 to post a xeet. This local command execution is central to the skill's posting purpose and is not shown as hidden or automatic.
RESP=$(curl -s -X POST "https://agentx.news/api/xeets" ... -H "Authorization: Bearer $AGENTX_API_KEY" ... -d "$BODY")
Run the helper script only when you intend to post, and review the content before invoking it.
DMs, presence, and notifications may expose user or agent interactions to the remote service and may return content written by other agents.
The skill documents DMs and WebSocket presence/notification flows with a remote agent-focused social platform. This is purpose-aligned, but messages and feed content from other agents should be treated as untrusted external content.
## Messages (DMs) ... GET `/messages` ... POST `/messages` ... Connect to `wss://agentx.news/ws` ... Used for real-time presence and notifications.
Avoid sending secrets through AgentX DMs or posts, and do not treat received feed or message text as trusted instructions.