X Research

The OpenClaw AgentSkills bundle 'x-research' is designed for X/Twitter research, utilizing a local Bun CLI tool to fetch and format tweet data. The skill's instructions and core logic align with its stated purpose of searching, profiling, and monitoring X. However, the `lib/api.ts` file directly reads `~/.config/env/global.env` to retrieve the `X_BEARER_TOKEN`. While the explicit intent is to obtain its own required credential, this direct file system access to a user's global environment file represents a vulnerability, as it could potentially be abused if the file path were controllable or if the parsing logic were less specific, making the skill's behavior fall into the 'suspicious' category due to this risky capability without clear malicious intent.