ClawHub

X Growth Operator / X 增长运营助手

v1.0.4

Plan and execute mission-driven X growth operations / 任务驱动的 X 增长运营规划与执行。Use when the user wants to monitor KOL posts, detect emerging discussions, turn brief...

0· 328·0 current·0 all-time
byJiaming Wang@jimmywangjimmy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (X growth operations) align with required items: python3 + node/npm are needed for the provided Python workflows and the Node-based X CLI; the four X OAuth env vars are exactly what a client calling X API would require. Required config path (scripts/.env) is a reasonable place to store credentials for a CLI workflow.
Instruction Scope
SKILL.md explicitly documents the CLI steps the agent will run (Python scripts and npm-installed Node CLI), the local paths used (data/, scripts/.env), and network targets (api.twitter.com, api.x.com, optional Desearch). The instructions do not direct the agent to read unrelated system files or exfiltrate data to unknown external endpoints; the flow is review-first and requires explicit approval for live posting.
Install Mechanism
Install step is a local 'cd scripts && npm install' pulling standard Node packages (commander, dotenv, proxy agents). There are no arbitrary URL downloads, archive extraction, or unusual install locations in the manifest.
Credentials
Declared env vars are the four X OAuth credentials (X_API_KEY, X_API_SECRET, X_ACCESS_TOKEN, X_ACCESS_TOKEN_SECRET) and an optional DESEARCH_API_KEY for live search—these are proportionate and expected for the stated features. The skill uses a local scripts/.env file for configuration, which is consistent with the instructions.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. It writes state to its own data/ directory and scripts/.env and does not appear to modify other skills or system-wide agent settings. The dashboard binds to 127.0.0.1 and is local.
Assessment
This skill is internally consistent with its X-growth purpose, but it will accept and use your X OAuth credentials and can perform live posts when you run it in x-api mode and supply explicit approval. If you plan to install/run it: (1) review scripts/x_oauth_cli.js (and other Node scripts) to confirm they call only official X endpoints you expect; (2) keep credentials in a secure, limited-permission environment (scripts/.env) and do not expose them publicly; (3) be aware 'npm install' will pull dependencies from the registry—run in an isolated or monitored environment if you require extra assurance; (4) the skill documents and enforces a review-first workflow, but always check proposed actions before approving live execution. If you want higher assurance, ask the author for an integrity-signed release or run the tool in an isolated container/VM.

Like a lobster shell, security has layers — review code before you run it.

automationvk97f4ndp0z3761fg8855vfn2gn83abbdbilingualvk97f4ndp0z3761fg8855vfn2gn83abbdlatestvk97f4ndp0z3761fg8855vfn2gn83abbdopenclawvk97f4ndp0z3761fg8855vfn2gn83abbdx-growthvk97f4ndp0z3761fg8855vfn2gn83abbd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, node, npm
EnvX_API_KEY, X_API_SECRET, X_ACCESS_TOKEN, X_ACCESS_TOKEN_SECRET
Configscripts/.env
Primary envX_API_KEY

Install

Nodenpm i -g commander
Nodenpm i -g dotenv
Nodenpm i -g https-proxy-agent
Nodenpm i -g socks-proxy-agent

Comments