xbird

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its Twitter/X purpose, but it should be reviewed carefully because it asks for raw X session cookies, can mutate a public account, and runs an unpinned npm MCP server not included in the reviewed artifacts.

Install only if you trust the npm MCP server and are comfortable giving it X session-cookie access. Use a dedicated X account and limited wallet, pin and verify the package, and require manual approval before any posting, retweeting, following, profile update, media upload, or paid action.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or anything with access to these values may be able to act as the user's X account, and the wallet key could authorize payments if funded.

Why it was flagged

The skill asks for raw X session cookies and optionally a wallet private key. These are high-impact credentials, and the provided registry metadata says there are no required env vars or primary credential, so this sensitive authority is under-declared.

Skill content

`XBIRD_AUTH_TOKEN` — from x.com cookies ... `XBIRD_CT0` — from x.com cookies ... `XBIRD_PRIVATE_KEY` — wallet private key

Recommendation

Do not provide main-account cookies or a funded wallet key unless you fully trust the MCP package. Prefer a dedicated account, a limited wallet, explicit credential declarations, and a clear revocation/rotation plan.

What this means

The agent could perform visible actions from the user's X account, including posts, retweets, follows, or profile changes, if invoked too broadly.

Why it was flagged

The tool set can post, retweet, follow/unfollow, and update profile content, and the workflow suggests agent-selected engagement without stating that the user must approve each public mutation.

Skill content

`post_tweet`, `retweet`, `follow_user` / `unfollow_user`, `update_profile`; workflow: `like_tweet` or `retweet` interesting results

Recommendation

Require explicit user confirmation for every write, engagement, follow/unfollow, media upload, profile update, and paid call. Treat read/search actions separately from public account mutations.

What this means

A changed or untrusted npm package could alter what the local MCP server does with the user's account credentials and Twitter/X actions.

Why it was flagged

The setup runs an unpinned npm package as an MCP server, but the provided artifacts include no code files, install spec, lockfile, source repository, or homepage. That provenance gap matters because the server is expected to receive account cookies and possibly a wallet key.

Skill content

claude mcp add xbird -- npx @checkra1n/xbird

Recommendation

Pin the package version, verify the publisher/source code, inspect the MCP server before use, and run it in an isolated environment before providing credentials.