ai-twitter-digest

Pass. Audited by ClawScan on May 10, 2026.

Overview

The visible artifacts look like a legitimate scheduled Twitter/X-to-chat digest, but it handles API keys and can post automatically, so users should review setup and scheduling.

Before installing, make sure you are comfortable providing AISA and LLM API keys and allowing the skill to post to the configured chat channel. Run it first in a test channel, review the generated scripts/.env file, protect any stored keys, and only add the cron schedule if you want unattended daily posting.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running setup may copy existing API credentials into this skill's local configuration, increasing the places where those keys exist.

Why it was flagged

The setup wizard can read an existing OpenClaw auth profile, reuse a Gemini key, and write configuration into the skill's local .env file. This is disclosed and purpose-aligned, but it is sensitive credential handling.

Skill content

"Try to read API keys from OpenClaw's auth.json" ... found["GEMINI_API_KEY"] = g["key"] ... ENV_FILE.write_text("\n".join(lines))

Recommendation

Use limited-scope API keys where possible, inspect scripts/.env after setup, do not commit or share it, and enter keys manually if you do not want the wizard reading OpenClaw auth config.

Note (High Confidence)

ASI01: Agent Goal Hijack

What this means

A monitored tweet could cause the summary to include misleading wording, unwanted links, or off-topic content that then gets posted to the configured channel.

Why it was flagged

Tweet text from external accounts is inserted into the LLM prompt. A tweet containing prompt-like instructions could influence the generated digest, although the visible code does not give the model additional tools.

Skill content

SUMMARIZE_PROMPT = """... Tweets:\n{tweets_text}""" ... prompt = SUMMARIZE_PROMPT.format(tweets_text=tweets_text, language=SUMMARY_LANGUAGE)

Recommendation

Keep the account list curated, test in a private channel first, and consider adding prompt instructions to treat tweet text as untrusted content.

Note (High Confidence)

ASI10: Rogue Agents

What this means

If scheduled, the digest will continue posting to the selected channel until the cron job is removed or disabled.

Why it was flagged

The documentation encourages a user-created recurring cron job. This is aligned with a daily digest, but it means the skill can run and post without per-run review once scheduled.

Skill content

openclaw cron add "AI Twitter Digest" "30 15 * * *" \
  "python3 /path/to/ai-twitter-digest/scripts/monitor.py"

Recommendation

Schedule it only for channels where automated posts are acceptable, start with a test channel, and keep track of how to remove the cron entry.