X / Twitter Search
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Before installing, confirm you trust the source, review scripts/search.js, and use provider API keys you are comfortable granting for search and billing/quota usage. Avoid putting sensitive private information in search queries because they are sent to xAI or X. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your search terms are sent to xAI or X, and X API mode may incur provider usage charges.
The skill performs network API calls as its core function. This is purpose-aligned and disclosed, but users should understand that searches are sent to external providers.
Calls xAI's `/v1/responses` endpoint (Grok mode) or X's `/2/tweets/search/recent` endpoint (X API mode)
Use the skill only for queries you are comfortable sending to those providers, and verify command flags such as --x-api, --days, and --max before running.
The API key or bearer token can consume your provider quota or billing allowance if misused outside this skill.
The script uses bearer credentials to authenticate to the provider API. This is expected for the integration and the visible code sends them only to the disclosed API hosts.
headers: { 'Authorization': `Bearer ${apiKey}`, }Use least-privilege provider credentials where available, store them securely, and revoke or rotate them if you no longer use the skill.
It may be harder to confirm that the installed code matches a trusted upstream source.
The registry metadata does not identify a verified source repository, which limits provenance assurance even though the visible package is small and dependency-free.
Source: unknown
Review the installed scripts/search.js before first use and install only from a trusted ClawHub entry or repository.