Twitter/X scraper with Apify actors

Pass

Audited by ClawScan on May 1, 2026.

Overview

The artifacts show a coherent Apify-based Twitter/X collection helper, with expected but important Apify-token, cost, and email-data handling considerations.

Install only if you intend to use Apify for Twitter/X audience collection. Protect your APIFY_TOKEN, verify the actor IDs, keep collection limits modest, and use email enrichment only when you have a lawful and appropriate reason to process that contact data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent with the token can run Apify actors under the user's account and potentially consume credits.

Why it was flagged

The script uses the user's Apify API token to run remote actors. This is expected for the skill, but the token grants access to the user's Apify account and billing.

Skill content

token = explicit or os.getenv("APIFY_TOKEN", ""); ... params = {"token": token, "format": "json", "clean": "true"}

Recommendation

Store APIFY_TOKEN in a secret/environment variable, avoid pasting it into chat or shell history, and rotate it if exposed.

What this means

A misconfigured run could send targets to an unintended Apify actor or collect more data than intended.

Why it was flagged

The CLI exposes actor IDs and collection limits to the caller. This is disclosed and useful, but a wrong actor ID or very large limit could run unexpected actors or create excessive collection/cost.

Skill content

"limit": {"type": int, "default": 1000}, "follower-actor-id": {"default": FOLLOWER_ACTOR_DEFAULT}, "email-actor-id": {"default": EMAIL_ACTOR_DEFAULT}

Recommendation

Use only trusted Apify actor IDs, keep limits reasonable, and confirm large or email-enrichment runs before execution.

What this means

Twitter/X handles and enriched email/contact data may be processed by Apify actors and then exported to downstream tools.

Why it was flagged

When email enrichment is enabled, collected usernames are sent to a remote Apify email actor and returned email/name data is merged into output rows. This matches the stated purpose but is an external data flow.

Skill content

email_input = build_email_input(rows, limit); email_raw = run_actor_sync(cfg.email_actor_id, cfg.token, email_input)

Recommendation

Review the Apify actors' trust, terms, and data handling; enable email enrichment only when needed and use the results in compliance with applicable privacy and platform rules.