Twitter User Published Posts API

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to call the stated JustOneAPI Twitter endpoint, but it handles the API token in a way that can expose it through command-line arguments.

Use this only if you are comfortable providing a JustOneAPI token, and consider modifying the helper or asking the publisher for an update so the token is read from the environment instead of passed with --token.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A local user, monitoring tool, or process-list collector could potentially see the JustOneAPI token while the command is running.

Why it was flagged

The documented command expands the credential into a command-line argument, where it may be visible to local process inspection tools or captured by process telemetry.

Skill content

node {baseDir}/bin/run.mjs --operation "getTwitterUserPostsV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"restId":"<restId>"}'

Recommendation

Prefer a version of the helper that reads JUST_ONE_API_TOKEN directly from the environment or stdin instead of requiring --token on the command line.