X Engagement Pro
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's behaviour matches its stated X automation purpose, but it warrants review: it can act from your X account on a schedule, and it builds shell command strings from untrusted input without escaping.
Before installing, verify the skill's source and the xapi command it shells out to, use a limited X API key on a dedicated account if possible, keep the skill in manual mode until you trust its behaviour, and confirm that the posting limits and approval controls actually work.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the skill can post replies or likes from the user's X account automatically, and mistakes may appear publicly before the user reviews them.
The agent can run on a schedule and execute public X reply/like commands. The daily counter is read from state but not visibly written back, and the code increments a `const` binding, which throws a TypeError at runtime, so the advertised rate control may not work as intended.
Evidence: triggers: ['heartbeat', 'cron'] ... command: `xapi reply --id ${post.id} --text "${response}"` ... command: `xapi like --id ${post.id}` ... const todayPosts = state.postsToday || 0 ... todayPosts++
Recommendation: Keep manual mode enabled by default, require explicit approval for replies/likes, persist and test rate limits, and provide a clear stop/disable workflow.
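The following is an added example, not the skill's own code, showing what a rate limit that actually holds across scheduled runs looks like: the counter is a `let`, it rolls over by UTC date, and the new value is written back into the state object before the action fires. It also demonstrates why `todayPosts++` on a `const` cannot work. The state field names (`postsDate`, `postsToday`), the `persist` callback and the limit value are assumptions for illustration.

```javascript
// Added example, not the skill's own code. It shows a daily action counter
// that is written back into the state object the runtime persists between
// scheduled runs, and a reservation check the handler can call before each
// reply/like. The state fields (postsDate, postsToday), the `persist`
// callback and the limit value are assumptions for illustration.

const DAILY_LIMIT = 20; // assumed; the skill's configured value is not shown

// Normalise a timestamp (ms since epoch) to a YYYY-MM-DD key in UTC so the
// counter rolls over once per day regardless of the host time zone.
function dayKey(now) {
  return new Date(now).toISOString().slice(0, 10);
}

// Return today's count, resetting it when the stored date is a different day.
function loadToday(state, now) {
  const today = dayKey(now);
  if (state.postsDate !== today) {
    state.postsDate = today;
    state.postsToday = 0;
  }
  return state.postsToday;
}

// Reserve one write action. Records the action and returns true only while
// the limit has not been reached. The counter is a `let`, and the new value
// is stored back on `state`; both are needed for the limit to take effect.
function tryReservePost(state, now, limit = DAILY_LIMIT) {
  let postsToday = loadToday(state, now);
  if (postsToday >= limit) return false;
  postsToday += 1;
  state.postsToday = postsToday;
  return true;
}

// What the scheduled handler would do ahead of `xapi reply`/`xapi like`.
// `persist` stands in for whatever the runtime uses to save state.
function runScheduled(state, now, persist, limit = DAILY_LIMIT) {
  if (!tryReservePost(state, now, limit)) {
    return { acted: false, reason: 'daily limit reached' };
  }
  persist(state);
  return { acted: true, postsToday: state.postsToday };
}

// Why `todayPosts++` on a `const` cannot work: the increment throws a
// TypeError at runtime, so the count is never advanced.
function constIncrementThrows() {
  try {
    const todayPosts = 0;
    todayPosts++;
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Stand-alone run: constructed in-memory state and a logging persister.
if (typeof require !== 'undefined' && require.main === module) {
  const state = {};
  const save = (s) => console.log('persisted', JSON.stringify(s));
  for (let i = 0; i < 3; i++) console.log(runScheduled(state, Date.now(), save, 2));
  console.log('const increment throws:', constIncrementThrows());
}
```

The check is deliberately done before the exec call, so a failed reservation means no public action; if the runtime persists state only at the end of a run, a crash between the action and the write-back would still lose the count, which is why the reservation and the persist belong together.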
A crafted keyword or unexpected post identifier could change the intended xapi command if exec invokes a shell, potentially causing unintended local commands or account actions.
User-configured keywords and API-derived post IDs are interpolated into command strings without visible escaping or argument-array handling.
Evidence: for (const kw of keywords.slice(0, 5)) ... command: `xapi search --query "${kw}" --limit 10` ... command: `xapi reply --id ${post.id} --text "${response}"`
Recommendation: Use a typed X API client or exec argument arrays, validate post IDs, escape all command arguments, and avoid passing untrusted values through shell command strings.
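The following is an added example, not the skill's own code, placing the interpolation pattern from the evidence beside a hardened form: an argv array (the `execFile`/`spawn` calling convention rather than `exec` with a shell string), a POSIX single-quote helper for the case where a shell string cannot be avoided, and validation of post IDs before they reach any command. The `xapi` subcommands and flags are copied from the report; the helper names and the constructed malicious keyword are mine.

```javascript
// Added example, not the skill's own code. It puts the string-interpolation
// pattern from the evidence beside a hardened form: argv arrays (the
// `execFile`/`spawn` calling convention, not `exec` with a shell string),
// a POSIX single-quote helper for the cases where a shell string is forced
// on you, and post-ID validation. The `xapi` flags are copied from the
// report; the helper names are mine.

// Vulnerable: `kw` is spliced straight into a shell line, so a quote and
// a semicolon end the xapi invocation and start a second command.
function buildSearchShellCommand(kw) {
  return `xapi search --query "${kw}" --limit 10`;
}

// Hardened: an argv array is handed to the program without a shell, so
// metacharacters in `kw` remain bytes inside a single argument.
function buildSearchArgv(kw) {
  return ['xapi', 'search', '--query', String(kw), '--limit', '10'];
}

// When only a shell string is accepted: inside single quotes the sole special
// character is the quote itself, which is written as '\'' (close, escaped
// quote, reopen).
function posixQuote(s) {
  return `'${String(s).replace(/'/g, `'\\''`)}'`;
}

// X post IDs are decimal snowflake strings (too large for a JS number, so
// they must stay strings). Anything else is rejected, never interpolated.
function isValidPostId(id) {
  return typeof id === 'string' && /^[0-9]{1,20}$/.test(id);
}

function buildReplyArgv(postId, text) {
  if (!isValidPostId(postId)) throw new Error(`invalid post id: ${postId}`);
  return ['xapi', 'reply', '--id', postId, '--text', String(text)];
}

function buildLikeArgv(postId) {
  if (!isValidPostId(postId)) throw new Error(`invalid post id: ${postId}`);
  return ['xapi', 'like', '--id', postId];
}

// The same hardened command rendered as one shell line, every word quoted.
function buildReplyShellCommand(postId, text) {
  return buildReplyArgv(postId, text).map(posixQuote).join(' ');
}

if (typeof require !== 'undefined' && require.main === module) {
  const evilKeyword = '"; echo pwned; "';          // constructed input
  console.log(buildSearchShellCommand(evilKeyword)); // three shell commands
  console.log(buildSearchArgv(evilKeyword));         // one argument
  console.log(buildReplyShellCommand('1234567890123456789', 'it\'s "fine"; id'));
}
```

With the constructed keyword, the vulnerable builder yields `xapi search --query ""; echo pwned; "" --limit 10`, which a shell runs as three commands; the argv form keeps the same bytes as one argument. The `reply` text is user-visible content, so it is never used to shape the command, only passed as a value; what matters is that the ID and the text cannot alter which flags are parsed.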
Installing and configuring the skill gives it the ability to act through the user's X account.
The skill requires delegated X credentials with X write permission, which are purpose-aligned but sensitive; although the skill's own metadata declares X_API_KEY as required, the supplied registry requirements list no required env vars or primary credential.
Evidence: "X_API_KEY": { "type": "string", "required": true, "description": "X/Twitter API key for posting and engagement" } ... "permissions": { "read": ["x", "alignednews"], "write": ["x"] }
Recommendation: Use the least-privileged X API key possible, consider a dedicated brand account, monitor activity, and revoke the credential if the skill is no longer needed.
The user may not know exactly which local command implementation will be used for X actions.
The runnable code depends on openclaw-tools exec and an xapi command, but the registry requirements show no required binaries and there is no install spec.
Evidence: import { read, exec } from 'openclaw-tools' ... command: 'xapi mentions --limit 20'
Recommendation: Declare the xapi dependency and required credential/channel metadata explicitly, and verify the installed command source before enabling automated posting.
