Twitter/X API

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Twitter/X API helper, but it can use account credentials to post tweets and send DMs, so users should confirm outgoing actions carefully.

Install only if you want an agent-assisted Twitter/X CLI. Use least-privilege API credentials, store them securely, install tweepy from a trusted source, and require explicit confirmation before any tweet, reply, thread, media upload, or DM is sent.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed with full-access tokens, the agent can act through the user's Twitter/X account when commands are invoked.

Why it was flagged

The skill needs credentials that can authenticate to a user's X/Twitter account. This is expected for the stated integration, but those tokens may allow account reads, posts, replies, and DMs depending on scope.

Skill content

Requires Twitter API credentials (API key, API secret, access token, access secret) or Bearer token.

Recommendation

Use the least-privileged Twitter/X tokens available, keep credential files private, and rotate tokens if they are exposed.

What this means

Mistaken or unintended use could publish content publicly or message another user from the account.

Why it was flagged

The documented commands can publish public tweets/replies/threads and send private messages. This is purpose-aligned and disclosed, but the artifacts do not show an extra confirmation gate.

Skill content

| Post tweet | `{baseDir}/scripts/tweet.py post "text"` | ... | Send DM | `{baseDir}/scripts/tweet.py dm USERNAME "message"` |

Recommendation

Before letting the agent run write actions, confirm the exact tweet, reply, thread, media, or DM recipient and message.

What this means

Installing the dependency from an untrusted or changed package source could affect the local Python environment.

Why it was flagged

The skill relies on a manually installed, unpinned third-party Python package. This is normal for a Twitter API CLI, but version pinning and trusted package sources reduce supply-chain risk.

Skill content

pip install tweepy

Recommendation

Install tweepy from a trusted package index, consider pinning a known-good version, and use a virtual environment.