Twitter User Profile API
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: justoneapi-twitter-get-user-detail Version: 1.0.0 The skill is a standard API wrapper for retrieving Twitter user profile data via JustOneAPI (api.justoneapi.com). The execution script `bin/run.mjs` correctly implements the described functionality using standard Node.js fetch calls, and the instructions in `SKILL.md` are well-aligned with the stated purpose without any signs of malicious intent or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Another local user or process could potentially observe the JustOneAPI token while the command is running and use it outside this skill.
The instructions pass a high-value API token as a command-line argument, which can be visible to local process inspection tools even though the credential itself is purpose-aligned.
node {baseDir}/bin/run.mjs --operation "getTwitterUserDetailV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"restId":"<restId>"}'Prefer a helper that reads JUST_ONE_API_TOKEN directly from the environment instead of accepting it through argv, and rotate the token if you suspect it was exposed.