ClawHub

wh-x-post

v1.0.0

Assist users to post tweets, reply, or quote retweet on Twitter/X using twitter-cli, ensuring content confirmation and login status check.

0· 50·0 current·0 all-time
by德高@baiyea
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Posts externally
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state posting to Twitter/X via twitter-cli and the package files implement exactly that: post, reply, quote, and whoami wrappers that invoke twitter-cli. No unrelated capabilities or unexpected credential requests are present.
Instruction Scope
SKILL.md instructs the agent to run the included scripts which in turn call `python -m twitter_cli`. The scripts only validate text length, accept image file paths, and forward arguments to twitter-cli; they do not read arbitrary system files, exfiltrate data, or call external endpoints themselves.
Install Mechanism
This is an instruction-only skill (no platform install spec). It recommends installing the third-party package `twitter-cli` via pip/pipx/uv. That is proportionate but places trust in the external pip package (normal but worth checking the package origin and reputation).
Credentials
The skill requests no environment variables, no credentials, and accesses no config paths. Authentication is expected to be handled by the twitter-cli/browser login flow, which is consistent with the stated purpose.
Persistence & Privilege
Skill is not always-on and does not modify other skill or system configurations. It runs only when invoked and executes local scripts which call twitter-cli.
Assessment
This skill appears internally consistent: it simply wraps a third‑party `twitter-cli` tool to post/reply/quote-tweet. Before installing/use, verify the trustworthiness of the `twitter-cli` package on PyPI (author, downloads, repo), since that tool will perform the network operations and hold your login state. Be aware scripts will be given any image file paths you pass (they forward those to twitter-cli), so avoid pointing them at sensitive local files. Finally, confirm you are comfortable with the browser-based login flow that `twitter-cli` requires; if you prefer not to install external CLI packages, do not install or run this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97efzkxay4ees6gcv9rxyanq984fan9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments