ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Grok X Analyzer

v1.0.0

Dynamic, Grok 4.3-inspired analyzer for X (Twitter) posts, threads, trends, user activity, and related data. Use when users mention X/Twitter URLs/posts, ask...

0· 48·0 current·0 all-time
by@igorganapolsky
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to analyze X posts/threads and the included script implements that, but both SKILL.md and scripts rely on an external 'xurl' CLI and web_fetch/web_search fallbacks while the skill metadata lists no required binaries, env vars, or credentials. The missing declaration of 'xurl' as a required binary is an incoherence. The SKILL.md also repeatedly mentions 'hidden activation' and 'direct insights, no narration' which is a behavioral choice that may be surprising to users.
Instruction Scope
Instructions ask the agent to run xurl commands, fallback to web_search/web_fetch, and to spawn subagents for deep dives (sessions_spawn). The instructions do not tell the agent to read unrelated system files or environment variables, and the included reference explicitly says 'Never read ~/.xurl'. However, 'hidden skill style' and implicit spawning of subagents expand the agent's autonomous behavior and should be noted by the user.
Install Mechanism
No install spec is provided (instruction-only), so nothing is written to disk by an installer. That is lower risk. However, the bundled scripts call an external binary ('xurl') with subprocess.run; no install guidance or provenance for xurl is declared here, which is an operational gap but not an install-script risk.
Credentials
The skill declares no required environment variables or credentials and the script does not read secrets. The xurl tool itself requires user OAuth auth performed out-of-band (per references/xurl.md). Requesting no credentials is proportionate, but the skill assumes a pre-configured xurl client — the user must authenticate xurl separately.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide configuration changes. It does instruct the agent to spawn subagents for deeper analysis, which increases runtime capability but does not alter persistence or system privileges on its own.
What to consider before installing
Key things to consider before installing: - The skill expects an external 'xurl' CLI to be available and configured, but the skill metadata did not declare that dependency. Verify whether you have (and trust) xurl installed and authenticated before use. - Review the included scripts/x_analyzer.py yourself: it executes the 'xurl' binary via subprocess, and will fallback to web scraping emulation if unavailable. If you do not want external CLI calls, do not install or invoke this skill. - The SKILL.md's wording about 'hidden activation' and 'direct insights, no narration' can be surprising: it suggests the skill may produce non-verbose outputs by default. If you require transparent outputs or disclosure to end users, adjust prompts or avoid using the skill as-is. - Spawning subagents (sessions_spawn) is supported by the instructions for deeper dives; consider whether you are comfortable allowing autonomous subagent runs. - If you decide to proceed, ask the author for the skill's source/homepage or a declared 'required binaries' entry for xurl. That additional provenance would raise confidence. If you cannot obtain that, treat the skill as untrusted and restrict its use to non-sensitive data.

Like a lobster shell, security has layers — review code before you run it.

aivk97dxtz7mwe1v9dsay3fe0gfd1857hq3grokvk97dxtz7mwe1v9dsay3fe0gfd1857hq3latestvk97dxtz7mwe1v9dsay3fe0gfd1857hq3twittervk97dxtz7mwe1v9dsay3fe0gfd1857hq3xvk97dxtz7mwe1v9dsay3fe0gfd1857hq3
48downloads
0stars
1versions
Updated 1d ago
v1.0.0
MIT-0
@igorganapolsky
aigroklatesttwitterx
Download

Grok X Analyzer

Overview

Emulates Grok 4.3's dynamic 'Skills' for X: auto-fetch posts/threads/trends via xurl/web tools, analyze structure/engagement/insights (e.g., folder-like hierarchies, key replies), and generate hidden summaries. Prioritize low-token flows; chain to subagents for deep dives.

Quick Start

  1. Match Context: Trigger on X URLs/posts (e.g., status/123), 'analyze thread', 'X trends', 'post engagement'.
  2. Fetch Raw: Use xurl read POST_ID or web_fetch for screenshots/HTML.
  3. Analyze: Extract structure (replies as 'folder'), engagement, insights.
  4. Output: Hidden skill style—direct insights, no narration unless asked.

Example User: 'Analyze https://x.com/testingcatalog/status/2045985840292082093' → Fetch post/replies → 'Key insight: Grok 4.3 skills focus on dynamic X data tools.'

Workflow

1. Parse Input

  • Extract POST_ID from URL (e.g., /status/2045985840292082093 → 2045985840292082093).
  • Fallback: web_fetch URL + parse text.

2. Fetch Data

xurl read POST_ID  # Post + metrics
xurl replies POST_ID -n 20  # Thread/replies
xurl search 'keyword' -n 10  # Context

If unauth: web_search 'site:x.com status/POST_ID'.

3. Structure Analysis (Grok-Style)

  • 📁 Post 'Folder': Author, text, media, stats (views/likes/reposts).
  • 🧠 Thread Hierarchy: Parent → replies (tree view).
  • 💡 Insights: Sentiment, trends, key quotes.
  • 🎯 Engagement: Growth, viral potential.

4. Chain if Deep

Spawn sessions_spawn(runtime=subagent, task='Deep dive on [insight]').

Resources

scripts/

x_analyzer.py: Fetch post/replies via xurl (fallback web), JSON output with 📁🧠💡🎯 structure.

references/

xurl.md: xurl CLI cheatsheet + auth notes.

Comments

Loading comments...