X Twitter Command Center (Search + Post)
v1.0.5Searches and reads X (Twitter): profiles, timelines, mentions, followers, tweet search, trends, lists, communities, and Spaces. Publishes posts after the use...
⭐ 0· 1.2k·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill advertises Twitter/X read and post functionality and requires an AISA_API_KEY plus curl and python3. The included Python clients call https://api.aisa.one endpoints and implement read APIs and OAuth-based posting flows — these requirements align with the claimed capabilities.
Instruction Scope
SKILL.md and references explicitly instruct the agent to call the AIsa relay endpoints and, for posting, to upload local workspace files (images/videos) to the relay which then uploads to Twitter. The instructions do not request unrelated system files or passwords. Two minor scope notes: (1) posting sends attachments and post content to a third-party relay (data leaves the agent to api.aisa.one), and (2) the docs set a default publishing mode of '--type quote' in some guidance (could produce unexpected quote behavior if the user doesn't realize this).
Install Mechanism
There is no external install spec (instruction-only install). The repository contains Python scripts that will be run locally; no downloads from untrusted URLs or package installs are performed by the skill itself.
Credentials
Declared primaryEnv is AISA_API_KEY which the code uses for Authorization and in POST payloads; this is proportional to the relay-based design. However, the oauth client reads other environment variables (TWITTER_RELAY_BASE_URL, TWITTER_RELAY_TIMEOUT) with defaults but these are not declared in requires.env metadata — the runtime can be influenced via these env vars. Ensure you only provide an AISA API key you trust and be aware media and post content will be sent to the relay service.
Persistence & Privilege
The skill is not always:true and does not request elevated platform privileges. It does not modify other skills' configurations or system-wide settings. It will read local workspace file paths for attachments (per design) but does not request persistent system-wide credentials.
Assessment
This skill appears to do what it says: it uses an AIsa relay (api.aisa.one) to provide read/search and OAuth-based posting to X/Twitter and requires one API key and Python. Before installing: (1) Verify you trust the AIsa relay operator (api.aisa.one) because all tweet content and any attached media will be uploaded to that service to publish on your behalf; (2) only provide a scoped API key you are comfortable giving to a third party and rotate it if unsure; (3) if you need to restrict where requests are sent, set TWITTER_RELAY_BASE_URL to a trusted relay (the code supports this) and confirm that environment variable is set in your agent environment; (4) review the included Python scripts (they are present in the bundle) to confirm there is no unexpected file access in your deployment; (5) be aware the posting workflow defaults in guidance to a 'quote' mode in some cases — verify posting behavior before automating large-scale publishes. Overall the package is internally coherent, but trust in the external relay is the primary security consideration.Like a lobster shell, security has layers — review code before you run it.
latestvk97bng9aqwgbk873bt9abv75t183yvf9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🐦 Clawdis
Binscurl, python3
EnvAISA_API_KEY
Primary envAISA_API_KEY