X Api
Security checks across malware telemetry and agentic risk
Overview
This skill appears to do what it says, but it gives an agent write access to post publicly on X without an explicit confirmation guard and with under-declared credential handling.
Install this only if you want the agent to be able to post to your X account. Before using it, make sure every tweet is explicitly approved by you, store the X tokens securely, remove any unexpected .x-api.json files from project directories, and consider pinning the npm dependency.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent invokes this with the wrong text or at the wrong time, it could publish an unintended tweet from the user's account.
The script directly publishes the supplied text to X. The artifacts do not show a confirmation, preview, draft mode, or user-approval gate before the public post is made.
    const { data } = await client.v2.tweet(text);

Require explicit user confirmation before every post, show the final tweet text and target account, and consider disabling autonomous model invocation for this skill.
The agent may use X credentials from an unexpected location or users may underestimate the account authority being granted.
The code loads X account credentials from local files, including a current-working-directory .x-api.json fallback that is not documented in SKILL.md. Registry metadata also declares no primary credential or required environment variables despite the skill needing write-capable X tokens.
    const configPaths = [
      join(homedir(), '.clawdbot', 'secrets', 'x-api.json'),
      join(process.cwd(), '.x-api.json'),
    ];

Declare the credential requirements in metadata, document every credential source, remove or require explicit opt-in for the current-directory fallback, and advise users to restrict file permissions on the secrets file.
A future dependency update could change behavior or introduce a vulnerability.
The skill relies on a third-party npm package with a caret version range, so installs can resolve to newer package versions than the reviewed one. This is expected for an API integration but worth noticing.
    "dependencies": {
      "twitter-api-v2": "^1.19.0"
    }

Use a lockfile or pinned dependency version and install from trusted npm sources.
Users may misunderstand platform limits or compliance implications.
The wording frames the skill as bypassing rate limits and bot detection, although the same documentation later acknowledges official X API limits. It appears to mean using the official API rather than a stealth bypass, but the phrasing could mislead users.
    Bypasses rate limits and bot detection that affect cookie-based approaches like bird CLI.
Clarify that the skill uses the official X API, remains subject to X API limits and terms, and is not intended to evade platform protections.
