Twitter/X Reader
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent tweet-reading helper, with the main things to notice being disclosed third-party tweet lookups and under-declared local shell dependencies.
This appears safe to use for public tweet-reading tasks. Before installing, confirm you are comfortable with shell scripts using curl/jq and with third-party services seeing the tweet URLs you ask the agent to read.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may fail or require manual setup even though the registry metadata does not declare those requirements.
The registry metadata does not surface the local runtime requirements or installation behavior for the included shell scripts; the documentation separately requires bash, curl, jq, and chmod.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill. Code file presence: 4 code file(s)
Verify the included scripts before enabling them and ensure bash, curl, and jq are installed; the publisher should declare these dependencies in metadata.
FxTwitter or Nitter instances can observe which tweet URLs are being requested.
The skill sends the requested tweet username and ID to external providers. This is disclosed and necessary for the feature, but it is still a third-party data flow.
User provides tweet URL ... Script extracts username/ID from URL ... Makes API request to FxTwitter or Nitter
Use the skill for tweet URLs you are comfortable sending to those public services, and avoid treating it as fully local/private despite local parsing.