ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Twitter/X scraper with Apify actors

v1.0.3

Use this skill when the user needs Twitter/X audience collection through Apify actors (followers/following/both) with optional email enrichment, username ext...

0· 304·0 current·0 all-time
by@hundevmode
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what the files request and do: the skill runs Apify follower/email actors, accepts an APIFY_TOKEN, and includes a Python CLI that calls api.apify.com. The default actor IDs are documented and configurable. Nothing in the repo asks for unrelated cloud credentials or unrelated binaries.
Instruction Scope
SKILL.md and the script only instruct calling Apify endpoints and running the included Python CLI. The script posts payloads to https://api.apify.com/v2/acts and returns normalized JSON. This is in-scope for the stated purpose. Important note: running the skill executes remote Apify actors (third‑party code identified by actor IDs); those actors run on Apify and can process or forward collected data—review those actors on Apify if you don't control them.
Install Mechanism
No install spec; it's instruction-only plus a small Python script and a single dependency (requests). That is proportionate and low-risk from an install perspective.
Credentials
Only APIFY_TOKEN is required, which is appropriate. However APIFY_TOKEN is a sensitive credential granting access to your Apify account (start runs, access datasets, potentially incur costs). Ensure you understand the token's privileges and avoid using a token with broader permissions than necessary.
Persistence & Privilege
Skill does not request permanent presence or special agent-wide privileges (always:false). It does not modify other skills or system settings and has no config path requirements.
Assessment
This skill appears coherent and does what it says: it uses your APIFY_TOKEN to call Apify and run follower/email actors, returning normalized rows. Before installing or running it: 1) Treat APIFY_TOKEN as sensitive—use a token scoped/minimized for this purpose or a throwaway/test token for initial tests; 2) Review the default actor IDs (bIYXeMcKISYGnHhBG and mSaHt2tt3Z7Fcwf0o) on Apify—those are third‑party actors and will run their code on Apify's platform when you invoke them; if you don't control those actors, inspect their source/behavior or replace them with actors you trust; 3) Test with small limits and with --include-emails disabled to verify behavior and cost; 4) Consider legal and privacy constraints (scraping/processing personal data and email enrichment may violate service terms or laws in some jurisdictions); 5) Note minor repo issues (duplicated frontmatter keys in SKILL.md and a small potential code bug around dt.UTC that could raise an exception) — these are not security red flags but you may want to run a quick smoke test locally. If you need to proceed but are unsure about the third‑party actors, ask the skill publisher for the actor source or use your own Apify actors instead.

Like a lobster shell, security has layers — review code before you run it.

apifyvk97bc1z7gg3pw9hh92c4p7d96n820wh2emailsvk97bc1z7gg3pw9hh92c4p7d96n820wh2latestvk97bc1z7gg3pw9hh92c4p7d96n820wh2leadgenvk97bc1z7gg3pw9hh92c4p7d96n820wh2scrapervk97bc1z7gg3pw9hh92c4p7d96n820wh2twittervk971w1ykrsct5q5j4x8e9j36x58204cttwitter-scrapervk97bc1z7gg3pw9hh92c4p7d96n820wh2xvk971w1ykrsct5q5j4x8e9j36x58204ct

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAPIFY_TOKEN

SKILL.md

Twitter/X Apify Actors

Overview

This skill runs a reliable actor-based pipeline for Twitter/X lead collection using Apify. It extracts a username from an X/Twitter link, runs a follower/following actor, optionally runs an email actor, and returns normalized rows for outreach workflows.

Use this skill when a user asks to:

  • collect followers/following from X via Apify actors
  • enrich collected usernames with emails
  • convert profile links to actor-ready usernames
  • build JSON/webhook payloads for n8n or API endpoints

Default actor IDs in this skill:

  • Followers actor: bIYXeMcKISYGnHhBG
  • Email actor: mSaHt2tt3Z7Fcwf0o

Quick Workflow

  1. Parse input target (https://x.com/..., https://twitter.com/..., or @username).
  2. Build follower actor payload using collectType and limit.
  3. Run follower actor and normalize usernames.
  4. If enrichment is enabled, run email actor and merge results.
  5. Return final rows + summary metrics.

Execution Rules

  • Prefer script execution for reliability: use scripts/apify_twitter_actors.py.
  • Keep actor IDs configurable, but default to the IDs above.
  • Always validate collectType (followers, following, both) and positive limit.
  • If email enrichment is disabled, skip email actor entirely.
  • Never hardcode the Apify token in outputs. Use env APIFY_TOKEN or explicit CLI argument.

Authentication (Apify token)

Users can provide the Apify API token in two supported ways.

Option A: Environment variable (recommended)

export APIFY_TOKEN='apify_api_xxx'
python3 scripts/apify_twitter_actors.py run-pipeline \
  --target 'https://x.com/elonmusk' \
  --collect-type followers \
  --limit 1000 \
  --include-emails

Option B: CLI argument

python3 scripts/apify_twitter_actors.py run-pipeline \
  --apify-token 'apify_api_xxx' \
  --target 'https://x.com/elonmusk' \
  --collect-type followers \
  --limit 1000 \
  --include-emails

If both are provided, --apify-token is used. If neither is provided, the script returns an explicit authentication error.

Script Usage

Run with Python 3.10+.

python3 scripts/apify_twitter_actors.py parse-username --target 'https://x.com/elonmusk'

APIFY_TOKEN='apify_api_xxx' \
python3 scripts/apify_twitter_actors.py run-followers \
  --target 'https://x.com/elonmusk' \
  --collect-type followers \
  --limit 1000

APIFY_TOKEN='apify_api_xxx' \
python3 scripts/apify_twitter_actors.py run-pipeline \
  --target 'https://x.com/elonmusk' \
  --collect-type followers \
  --limit 1000 \
  --include-emails

Quick auth check:

APIFY_TOKEN='apify_api_xxx' \
python3 scripts/apify_twitter_actors.py run-followers \
  --target 'https://x.com/elonmusk' \
  --collect-type followers \
  --limit 10

For contracts and payload details, read:

  • references/actor-contracts.md
  • references/troubleshooting.md

Output Contract

The pipeline returns JSON with:

  • targetUsername
  • collectType
  • totalCollected
  • emailsFound
  • rows[] with username, name, email, sourceType, collectedAt

Use this output directly in n8n Code/HTTP nodes or export to CSV/Google Sheets.

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…