X Alpha Scout

v1.0.0

Scan crypto and NFT sentiment on X/Twitter for daily alpha reports or token/NFT/project on-demand analyses with sentiment, trends, and red flags.

⭐ 2· 1.1k·1 current·1 all-time

by@hammadbtc

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hammadbtc/x-alpha-scout.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "X Alpha Scout" (hammadbtc/x-alpha-scout) from ClawHub.
Skill page: https://clawhub.ai/hammadbtc/x-alpha-scout
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install x-alpha-scout

ClawHub CLI

Package manager switcher

npx clawhub@latest install x-alpha-scout

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill is an X/Twitter scanner and legitimately needs access to X data. However, the SKILL.md explicitly requires two X credentials (X_AUTH_TOKEN and X_CT0) and expects the 'bird' CLI to be installed, while the registry metadata declares no required env vars or binaries. That mismatch between declared requirements and the runtime instructions is an incoherence that requires explanation.

Instruction Scope

Runtime instructions direct the agent to run 'bird' searches (read-only) and to produce reports. They also instruct auto-running daily at 00:00 UTC and to 'Deliver: Send to user via their preferred channel (Discord, Telegram, etc.)' — but do not specify how delivery credentials or scheduling are provided. The SKILL.md references environment variables that are not declared in the registry. While the operations appear primarily read-only, the vagueness around delivery and scheduling grants the agent broad discretion and increases risk if credentials are provided.

ℹ

Install Mechanism

This is instruction-only (no install spec). README instructs installing 'bird' via Homebrew or GitHub releases — both common approaches. There is no bundled installer or arbitrary download embedded in the skill files, which reduces direct install risk, but the skill depends on an external CLI the user must install and trust.

Credentials

The SKILL.md requires X_AUTH_TOKEN and X_CT0 (a session cookie) — both are high‑value credentials that can allow account access. The registry metadata, however, lists no required env vars or primary credential. That omission is disproportionate and inconsistent. The skill also suggests delivering reports to external channels but does not request or document credentials for those channels.

ℹ

Persistence & Privilege

The skill does not request 'always: true' and defaults allow autonomous invocation (platform default). The SKILL.md mentions an automated daily report at 00:00 UTC; combined with the need for X credentials, autonomous runs increase the blast radius (the agent could repeatedly access X using provided credentials). This combination is notable but not itself a proof of malicious intent.

What to consider before installing

Key things to consider before installing or enabling this skill: - Credentials: The SKILL.md asks for X_AUTH_TOKEN and X_CT0 (a ct0 session cookie). Those are sensitive — a ct0 cookie can allow actions as your account. Do not supply these from your primary/personal X account. Prefer a read-only or throwaway X account with minimal privileges if you must test. - Registry metadata mismatch: The registry entry lists no required env vars or binaries, but the instructions require the bird CLI and two X credentials. Ask the publisher why the metadata omits these requirements and request that required env vars and binaries be declared in the registry. - bird CLI provenance: The skill depends on an external CLI ('bird'). Install only from a trusted source (official GitHub repo or verified Homebrew tap). Verify the bird project and review its release artifacts before installing. - Delivery channels & scheduling: The skill says to 'deliver' reports via Discord/Telegram/etc. but does not declare how credentials for those channels are provided or stored. Ask for clarification and avoid giving messaging-service tokens unless you understand how they're used and stored. - Autonomy risk: The skill is designed for daily automated runs. If you enable autonomous invocation, ensure the credentials you provide are scoped appropriately and monitor activity. Consider running the skill manually first to validate behavior. - Code review & sandboxing: The included script (scripts/parse_calls.py) appears to only parse JSON tweet output into structured calls (no network exfiltration). Still, review the code and test in an isolated environment. Inspect the referenced GitHub repo (github.com/hammad-btc/alpha-scout-skill) for additional code or installer steps. - Ask the publisher: Because the homepage is missing and the registry metadata is incomplete, ask the skill author to (1) publish a homepage/repo link in the registry, (2) update metadata to list required env vars/binaries, (3) explicitly document delivery mechanisms and credential use, and (4) confirm whether the skill ever posts or performs actions on X (the SKILL.md only shows read/search operations, but that should be explicitly confirmed). If you decide to try the skill, do so with a dedicated/test X account and without sharing primary account cookies/tokens until you're satisfied with provenance and behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9743w79rfkqydeaj6knsm9egd80x7m1

1.1kdownloads

2stars

1versions

Updated 2h ago

v1.0.0

MIT-0

X Alpha Scout

Your agent's X/Twitter alpha scanner. Two things: daily reports and on-demand analysis.

Prerequisites

Environment variables:

export X_AUTH_TOKEN="your_twitter_auth_token"
export X_CT0="your_twitter_ct0_cookie"

Verify:

bird whoami --auth-token "$X_AUTH_TOKEN" --ct0 "$X_CT0"

Feature 1: Daily Alpha Report (Auto at 00:00 UTC)

User says: "Run my daily alpha" or "Get today's report"

What you do:

# Scan for overnight alpha
bird search "(buying OR bought OR aping OR loading up) (ticker OR token OR \$)" -n 25
bird search "(minting OR mint OR free mint) NFT" -n 20
bird search "(just launched OR stealth launch) token" -n 15
bird search "(gem OR undervalued OR 100x) crypto" --min-likes 10 -n 15

Generate report in this exact format:

# 🦅 Alpha Report — Feb 10, 2026

### 1. Good Morning
[Simple greeting]

### 2. Crypto Market Update
- BTC: $[price] ([+/-]% 24h)
- ETH: $[price] ([+/-]% 24h)
- SOL: $[price] ([+/-]% 24h)
- Fear & Greed Index: [value] ([Extreme Fear/Fear/Neutral/Greed/Extreme Greed])

### 3. News of the Day
- [Major Web3 announcement](https://x.com/...) — Brief summary
- [Regulation/news affecting market](https://x.com/...) — Brief summary
- [Any market-moving world news](https://x.com/...) — Brief summary

### 4. Crypto Twitter (CT)
- Main narrative: [What's the hot topic today?]
- Key trends: [New meta, drama, or shifts]
- Notable accounts: [Who's driving conversation]

### 5. NFTs Market Update
**ETH Eco:** [2-3 sentence paragraph on top ETH ecosystem updates — NFTs, tokens, protocols. Skip if nothing significant.]

**Bitcoin Eco:** [2-3 sentence paragraph on top Bitcoin/Ordinals market. Skip if nothing significant.]

**Sol Eco:** [2-3 sentence paragraph on top Solana ecosystem — NFTs, DeFi, memes. Skip if nothing significant.]

**Notable Mints:**
- Minting Today: [@account1](https://x.com/account1) [@account2](https://x.com/account2) [@account3](https://x.com/account3) (only good, hyped drops — embed X profile links)
- Upcoming Mints: [@account4](https://x.com/account4) [@account5](https://x.com/account5) (worth keeping an eye on — embed X profile links)

If none worth mentioning, say "No major mints detected."

### 6. Alpha from Reputable Figures:
- Top calls: [What are reputable accounts buying/minting? Include @username]
- High-conviction signals: [Who's aping what with size/proof — include @username]
- WL opportunities: [Any good drops they mentioned — include @username]
- Emerging narratives: [New meta or trend being discussed — include @username]
- Notable exits/warnings: [Who's selling or warning about what — include @username]

### 7. Extra / Warnings
- [Any red flags or opportunities noticed]
- [Personal observations]

---
*Report time: 00:00 UTC | NFA/DYOR*

Deliver: Send to user via their preferred channel (Discord, Telegram, etc.)

Feature 2: On-Demand Analysis

User says: "What do you think of $PEPEAI?" or "Analyze FomoBears NFT"

What you do:

# Deep scan this specific asset
bird search "$PEPEAI" -n 30
bird search "$PEPEAI (gem OR scam OR rug OR buy)" -n 20

Analyze gathered tweets:

Count sentiment: Bullish vs Bearish vs Neutral
Identify high-conviction posts: Position sizes, wallet proofs, detailed threads
Check high-rep accounts: Are known good callers in or out?
Look for red flags: Contract issues, copycat names, anon team

Deliver analysis in this exact format:

📊 CT Sentiments:
[4-5 line summary based on top 20-30 recent tweets about the asset. What are people saying? Any patterns? Hype or concern? Specific details about the project/token/NFT]
📈 Overall: [Bullish/Bearish/Neutral] (assessment at end of CT Sentiments section)

🐋 Takes of High-Rep Accounts:
[@Influencer1: "quote or summary of their take" — Bullish]
[@Influencer2: "quote or summary of their take" — Bearish]
[Or: No noticeable activity detected from high-rep accounts — Bearish]

⚠️ Red Flags:
[Any contract issues, anon team, copycat name, LP not locked, etc. Or: None detected]

📊 Score: XX/100

✅ Verdict: [High/Medium/Low confidence — Bullish/Neutral/Bearish]

⚡ NFA / DYOR

How to gather data:

# Get general sentiment tweets
bird search "$TICKER" -n 30

# Get high-rep account takes specifically
bird search "$TICKER (from:DegenKing OR from:AlphaKing OR from:CryptoGem)" -n 20
# Add more KOLs as needed

Scoring guide:

90-100: Strong bullish consensus, high-reps bullish, no red flags
70-89: Moderate bullish, some high-reps in, minor concerns
50-69: Mixed/neutral, no clear direction or high-reps silent
30-49: Bearish signals, some red flags or high-reps warning
0-29: Strong bearish, multiple red flags, avoid

Signal Scoring Guide

CT Sentiment Score (0-100):

80-100: Strong bullish consensus, high-rep accounts in, no red flags
50-79: Mixed or moderate sentiment, do more research
<50: Bearish consensus or multiple red flags detected

What to look for:

Bullish: "gem", "undervalued", "loading up", "next 100x"
Bearish: "rug", "scam", "avoid", "dumping"
High-conviction: Specific numbers ("bought $5k"), wallet screenshots, detailed threads
Red flags: Contract unverified, LP not locked, copycat name, team completely anon

Quick Commands

Task	Command
Daily report	Run scans for last 24h, compile top calls
Analyze asset	`bird search "$TICKER" -n 30`
Check specific caller	`bird search "from:username" -n 20`
Find mints	`bird search "free mint OR minting now NFT" -n 15`

Example Sessions

User: "Get my alpha report"

You: Run the 4 daily scans → compile top calls → format report → deliver

User: "What about $MOONSHOT?"

You: Search "$MOONSHOT" (30 tweets) → analyze sentiment → check for red flags → deliver analysis with score + verdict + NFA

User: "Is @DegenKing reliable?"

You: Search "from:DegenKing" → review their recent calls → give qualitative assessment: "Known for high-conviction calls, recent streak looks solid" or "Mixed bag lately, verify before following"

Built for the agent economy. NFA. DYOR. 🦅

Comments

Loading comments...