Edison Autopilot Post X
Review
Audited by ClawScan on May 18, 2026.
Overview
This appears to be a real X auto-poster, but it merits Review because it can publish AI-generated tweets on a schedule without per-post approval and can send optional local scan-file content to OpenAI.
Install only if you are comfortable with unsupervised public posting from your X account. Run dry-runs first, add a manual approval step before enabling cron, keep SCAN_DIR unset unless it contains trusted non-sensitive files, use least-privilege API credentials, and pin dependencies in a virtual environment.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
AI-generated posts could be published publicly from the user's X account without the user reviewing each one first.
The default non-dry-run path publishes generated text to X; there is no confirmation or approval gate before calling the X posting API.
resp = client.create_tweet(text=text) ... if dry_run: ... return ... tweet_id = post_tweet(text)
Use dry-run first, add a manual approval queue before posting, restrict X tokens to the minimum permissions available, and monitor or disable the cron job until behavior is trusted.
Private or untrusted local notes could be sent to OpenAI and could steer what gets posted publicly.
If SCAN_DIR is set, the script reads a local Markdown file and includes its content in the OpenAI prompt, which can disclose local content and influence the public tweet.
SCAN_DIR = os.environ.get("SCAN_DIR", "") ... return fh.read()[:3000] ... Context — today's research scan ... {scan[:1500] if scan else "(no scan available today)"}
Leave SCAN_DIR unset unless it points to a trusted, non-sensitive directory; document this data flow clearly; add path allowlists, exclusions, and human review before posting scan-derived content.
A user may over-trust the system and allow public posts that still contain hallucinated or incorrect claims.
The safety claim is stronger than the implemented control: the provided code relies on prompt instructions, not an independent factuality verifier.
No fabricated data — explicit prompt rules prevent GPT from inventing statistics
Treat the anti-fabrication rule as a soft prompt guard, not a guarantee; add fact-checking, source requirements, or manual review for public posts.
If these credentials are over-scoped or exposed, someone could incur API costs or post through the connected X account.
The skill needs delegated OpenAI and X credentials, which is expected for its purpose but gives the script account-level posting authority.
export OPENAI_API_KEY="sk-..." ... export X_CONSUMER_KEY="..." ... export X_ACCESS_TOKEN_SECRET="..."
Use dedicated API credentials, grant the least privilege available, keep them out of shell history and shared logs, and rotate or revoke them if testing goes wrong.
Future dependency changes or a compromised package source could affect what code runs locally.
The dependency installation is purpose-aligned, but package versions are not pinned and there is no lockfile or install spec in the provided artifacts.
pip install tweepy requests
Install in a virtual environment, pin reviewed versions of tweepy and requests, and consider using a lockfile.
The poster will continue running and publishing on schedule until the cron entry is removed or disabled.
The cron schedule is disclosed and user-installed, but it creates ongoing autonomous activity after setup.
# Add: 0 8,11,14,17,21 * * * cd /path/to/repo && python auto_tweet.py
Document how to stop it, start with a test account or dry-run schedule, and periodically review the crontab and generated logs.
