Skill blocked — malicious content detected

ClawHub Security flagged this skill as malicious. Downloads are disabled. Review the scan results below.

twit-mcp

v1.4.1

Real-time X/Twitter data and write actions via x402 micropayments. Fetch articles, tweets, users, lists, and communities — post tweets, like, retweet, bookma...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (twit-mcp, x402 micropayments, read/write X data) match the code and dependencies: it calls an x402 API, signs payments locally with an EVM private key, and exposes read/write tools. Requiring npx and a WALLET_PRIVATE_KEY is coherent with the stated payment-based design.
Instruction Scope
SKILL.md and the code direct the agent to open a browser (Playwright) to connect a Twitter/X account and save the resulting credentials locally. All tool calls go through API_BASE (default https://x402.twit.sh), and payment signing happens locally. The instructions explicitly save the Twitter auth tokens to ~/.twit-mcp-credentials.json in plaintext; this works, but it leaves session-equivalent credentials on disk, readable by anything that can read the user's home directory.
Install Mechanism
Install uses an npm package (twit-mcp) and exposes a twit-mcp binary — expected for a Node-based MCP. npm installs are a moderate-risk mechanism (supply-chain risk) but consistent with the package manifest; no remote ad-hoc downloads or obfuscated fetches are present in the bundle.
! Credentials
Only WALLET_PRIVATE_KEY is required (declared as the primary credential), and it is needed for x402 payment signing, so asking for a private key is proportionate to the payment feature. The key is nonetheless highly sensitive: it is not scoped to x402, so whoever holds it can sign any transaction from that wallet, not just the small payments this skill makes. The skill also reads optional TWITTER_AUTH_TOKEN / TWITTER_CT0 environment variables and stores Twitter credentials to disk unencrypted, which increases exposure.
! Persistence & Privilege
The skill is not always-loaded (always:false), which is good. But the model may invoke it autonomously (disable-model-invocation:false), and combined with a private key that can sign USDC payments this widens the blast radius: an agent could call many paid endpoints in a loop and drain the wallet without any further user confirmation. The skill writes credentials to ~/.twit-mcp-credentials.json (persistent, plaintext) but does not appear to modify other skills or global agent configuration.
What to consider before installing
This skill is internally consistent with its description, but it requires a full wallet private key and will sign small USDC payments automatically, without per-payment confirmation. Before installing:
(1) Use a dedicated wallet funded with only what you expect the skill to spend; never a main wallet.
(2) Review the npm package provenance (who maintains twit-mcp and twit.sh), pin the version you reviewed, and install only from a source you trust.
(3) Be aware that Twitter credentials are saved unencrypted to ~/.twit-mcp-credentials.json; treat that file as sensitive (restrict its permissions, exclude it from backups and sync) or run the MCP in an isolated environment.
(4) Run the MCP in a sandbox, review the source yourself (or have someone review it) before putting non-trivial funds behind the private key, and monitor the wallet's on-chain activity closely after enabling the skill.
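The scan above notes that nothing stops an autonomous agent from signing payment after payment. One mitigation, shown here as an added example that is not part of twit-mcp and not code from the project, is to put a guard between the agent and whatever signs with WALLET_PRIVATE_KEY: it signs only for the configured API origin, caps each payment, and enforces a session budget. The limit values, the field names, and the placeholder `sign` callback are this example's assumptions; a real deployment would call the actual x402 signer from that callback.

```javascript
// Added example (not twit-mcp code): a spending guard in front of the payment
// signer. Amounts are USDC strings parsed into integer micro-units (6 decimals)
// as BigInt, so no float rounding can creep into the budget arithmetic.

function parseUsdc(amount) {
  // "0.05" -> 50000n. Rejects negatives, exponents and more than 6 decimals.
  const m = /^(\d+)(?:\.(\d{1,6}))?$/.exec(String(amount));
  if (!m) throw new Error(`invalid USDC amount: ${amount}`);
  return BigInt(m[1]) * 1_000_000n + BigInt((m[2] ?? '').padEnd(6, '0'));
}

class PaymentGuard {
  constructor({ allowedOrigin, maxPerPayment, sessionBudget, sign }) {
    this.allowedOrigin = allowedOrigin;            // e.g. the skill's API_BASE
    this.maxPerPayment = parseUsdc(maxPerPayment);
    this.sessionBudget = parseUsdc(sessionBudget);
    this.sign = sign;                              // the real signer plugs in here
    this.spent = 0n;
    this.log = [];                                 // every decision, for monitoring
  }

  // Returns { ok: true, signature } or { ok: false, reason }.
  // The signer is invoked only after every check has passed.
  authorize({ url, amount }) {
    let origin;
    try { origin = new URL(url).origin; } catch { return this.#deny(url, amount, 'invalid-url'); }
    if (origin !== this.allowedOrigin) return this.#deny(url, amount, 'origin-not-allowed');
    let micro;
    try { micro = parseUsdc(amount); } catch { return this.#deny(url, amount, 'invalid-amount'); }
    if (micro > this.maxPerPayment) return this.#deny(url, amount, 'exceeds-per-payment-cap');
    if (this.spent + micro > this.sessionBudget) return this.#deny(url, amount, 'exceeds-session-budget');
    const signature = this.sign({ url, amount });
    this.spent += micro;
    this.log.push({ url, amount, ok: true });
    return { ok: true, signature };
  }

  #deny(url, amount, reason) {
    this.log.push({ url, amount, ok: false, reason });
    return { ok: false, reason };
  }

  remainingUsdc() {
    const left = this.sessionBudget - this.spent;
    return `${left / 1_000_000n}.${String(left % 1_000_000n).padStart(6, '0')}`;
  }
}

// Usage with a placeholder signer (constructed for this example; it does not
// touch any key). Limits are illustrative: 0.05 USDC per call, 0.20 per session.
const guard = new PaymentGuard({
  allowedOrigin: 'https://x402.twit.sh',
  maxPerPayment: '0.05',
  sessionBudget: '0.20',
  sign: ({ url, amount }) => `placeholder-signature(${amount} -> ${url})`,
});
console.log(guard.authorize({ url: 'https://x402.twit.sh/tweets/1', amount: '0.01' }));
console.log(guard.authorize({ url: 'https://elsewhere.example/pay', amount: '0.01' }));
console.log('remaining USDC this session:', guard.remainingUsdc());
```

The guard's log is the cheap part of the "monitor wallet activity" advice: every denial has a reason, so a burst of `exceeds-session-budget` entries is an immediate signal that the agent is looping on paid calls. The budget resets only when a new guard is constructed, which keeps a human in the loop for topping it up.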
dist/index.js:15
Environment variable access combined with network send.
src/index.ts:18
Environment variable access combined with network send.
dist/index.js:511
Dynamic code execution detected.
src/index.ts:749
Dynamic code execution detected.
Critical security concern
These patterns indicate potentially dangerous behavior. Exercise extreme caution and review the code thoroughly before installing.
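The four findings above are pattern matches, reported once for the TypeScript source and once for its compiled output. To make concrete what such a match is and is not, here is an added example, not ClawHub's or OpenClaw's scanner (whose rules are not published on this page), that applies two heuristics of the same two kinds to a constructed source sample and reports hits in the same file:line form. The regexes, the look-ahead window, and the sample source are this example's assumptions.

```javascript
// Added example (not the ClawHub/OpenClaw scanner): a line-oriented heuristic
// scanner for the two finding categories shown on this page.
const ENV_ACCESS = /\bprocess\.env\b/;
const NETWORK_SEND = /\b(fetch|axios(\.\w+)?|https?\.request|https?\.get)\s*\(/;
const DYNAMIC_EXEC = /\b(eval|new\s+Function|vm\.runIn\w+Context)\s*\(/;

// An env-var read is reported as "combined with network send" when a network
// call appears on the same line or within this many following lines. The
// window size is an assumption chosen for this example.
const WINDOW = 5;

function scanSource(file, source) {
  const lines = source.split('\n');
  const findings = [];
  lines.forEach((text, idx) => {
    const line = idx + 1;
    if (DYNAMIC_EXEC.test(text)) {
      findings.push({ file, line, rule: 'dynamic-exec',
        message: 'Dynamic code execution detected.' });
    }
    if (ENV_ACCESS.test(text)) {
      const end = Math.min(lines.length, idx + WINDOW + 1);
      for (let j = idx; j < end; j++) {
        if (NETWORK_SEND.test(lines[j])) {
          findings.push({ file, line, rule: 'env-to-network',
            message: 'Environment variable access combined with network send.' });
          break;
        }
      }
    }
  });
  return findings;
}

// Render findings the way the scan page lists them: "file:line" then message.
function formatFindings(findings) {
  return findings.map((f) => `${f.file}:${f.line}\n${f.message}`);
}

// Constructed sample source (not twit-mcp's code) that exercises both rules
// plus one env read that should NOT be flagged.
const sample = [
  'import { fetch } from "undici";',
  'const key = process.env.WALLET_PRIVATE_KEY;',
  'const auth = process.env.TWITTER_AUTH_TOKEN;',
  'export async function pay(url, body) {',
  '  const sig = await signPayment(key, body);',
  '  return fetch(url, { method: "POST", headers: { "X-PAYMENT": sig } });',
  '}',
  'function loadPlugin(code) {',
  '  return new Function("exports", code);',
  '}',
  'const home = process.env.HOME;',
  'console.log(home);',
].join('\n');

console.log(formatFindings(scanSource('src/index.ts', sample)).join('\n'));
```

Heuristics like these are a triage aid, not a verdict: the `process.env.HOME` line shows that an env read on its own is not reported, and a match says nothing about whether the data sent is the secret itself. The review the page asks for still means opening dist/index.js:511 and src/index.ts:749 to see what code is being executed dynamically and where it comes from.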


Tags: latest, mcp, twitter, usdc, x402

Runtime requirements

🐦 Clawdis
Bins: npx
Env: WALLET_PRIVATE_KEY
Primary env: WALLET_PRIVATE_KEY

Install

Node
Bins: twit-mcp
npm i -g twit-mcp
