OpenClaw X

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: openclaw-x
Version: 0.2.2

The skill bundle is suspicious because it requires the user to download and execute an external, unvetted binary from GitHub (`https://github.com/bosshuman/openclaw-x/releases`). Crucially, it then instructs the user to export their sensitive X/Twitter authentication cookies (`cookies.json`) and provide them to this external executable. This introduces a significant supply chain risk, as the security of the user's X account depends entirely on the trustworthiness of an opaque, external binary whose code is not part of this review. While the `SKILL.md` itself does not contain malicious code or prompt injection attempts, the described setup creates a critical vulnerability for data exfiltration or unauthorized account access if the external binary is compromised or malicious.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the executable or local service mishandles the cookie file, it could act as the user's logged-in X/Twitter account, potentially including public posts or account interactions.

Why it was flagged

Browser cookies are live session credentials. The skill asks for them to be exported to a file used by the local service, but does not bound which cookies are needed, how they are protected, or how to revoke or clean them up.

Skill content

Export your X cookies from Chrome (using Cookie-Editor extension), save as `cookies.json` in the same directory

Recommendation

Only use this with a trusted, verified executable and preferably a low-risk test account. Avoid exporting broad browser cookies unless you understand how they are stored, used, and removed.

What this means

An agent or local process that can reach the service may be able to post, like, retweet, or bookmark from the user's X/Twitter account while the service is running.

Why it was flagged

The documented API exposes account-mutating actions through simple local HTTP requests, but the artifact does not describe per-action user confirmation, authorization checks, or limits for these high-impact operations.

Skill content

curl -X POST http://localhost:19816/tweet ...
curl -X POST http://localhost:19816/tweet/{tweet_id}/like
curl -X POST http://localhost:19816/tweet/{tweet_id}/retweet

Recommendation

Require explicit user approval before posting or engaging, restrict access to the local service, and review the exact request before any public account action is sent.

What this means

The reviewed skill text cannot show what the downloaded binary actually does with the user's X/Twitter session cookies or account actions.

Why it was flagged

The skill depends on an external executable that is not included in the reviewed artifacts. That executable is expected to receive exported account cookies and perform account actions, making provenance and review especially important.

Skill content

Download the executable from [GitHub Release](https://github.com/bosshuman/openclaw-x/releases)

Recommendation

Verify the release source, signatures or checksums, and source code before running it. Do not provide session cookies to an unreviewed binary.