Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bytesagain X Manager

v1.6.0

Manage X (Twitter) account: auto-post AI-generated tweets, monitor brand mentions, auto-like relevant posts, and send Telegram approval requests for replies.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
- Crypto
- Can make purchases
- Requires OAuth token
- Requires sensitive credentials
- Posts externally
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (auto-post, monitor mentions, auto-like, Telegram approvals) align with the actual code: scripts call X API endpoints, xAI endpoints, and Telegram for approvals. Required credentials listed in SKILL.md (X API keys, XAI key, TG token/chat, X user id) are appropriate for the declared functions.
Instruction Scope
Runtime instructions and the Python scripts perform exactly the declared tasks, but SKILL.md claims state files live in /tmp (e.g. /tmp/x-pending-replies.json) while x-engage.py actually writes the pending queue to ~/.local/share/x-manager/pending-replies.json. SKILL.md also states "No credentials are stored or transmitted by this skill," which is misleading: credentials are read from the environment and used to authenticate to external services (Twitter/X, xAI, Telegram). As part of normal operation the agent sends message content and drafts to the Telegram and xAI endpoints.
Install Mechanism
There is no install spec (instruction-only installer), no external download, and the included code files are present in the skill bundle. This is the lower-risk install pattern; however the Python scripts require requests and requests-oauthlib which must exist in the runtime environment.
Credentials
The set of environment variables required (X API keys and secrets, X user id, xAI API key, Telegram token and chat id) is proportional to a social-media automation tool. No unrelated credentials are requested. Note: the code uses those env vars only at runtime (no evidence of additional secret collection), but the documentation's "no credentials transmitted" statement is ambiguous and should be corrected.
Persistence & Privilege
The skill writes persistent state: /tmp files (liked IDs, seen mentions, drafts) and a persistent pending-replies file under the user's home (~/.local/share/x-manager/pending-replies.json). Writing into the user's home directory is more persistent than /tmp and could surprise operators expecting ephemeral state. The skill is configured with always:false (not force-included) and normal autonomous invocation; neither is flagged on its own, but combined with persistent files they increase the blast radius if the skill is misused.
What to consider before installing
Before installing or running this skill:

- Review and correct the SKILL.md mismatch: the code stores pending replies at ~/.local/share/x-manager/pending-replies.json, not /tmp/x-pending-replies.json. Expect persistent files under your home directory.
- Understand credential use: the X API keys, X access tokens, xAI API key, and Telegram bot token are required and will be used to call external services (Twitter/X, api.x.ai, and api.telegram.org). They are not persisted by the code as plaintext aside from runtime use, but the Telegram messages include draft content and tweet IDs; treat these as data leaving your environment.
- Consider using dedicated, least-privilege credentials (an X account used only for automation) and a Telegram bot/chat created for this purpose. Limit permissions and rotate keys if needed.
- Audit the code yourself or run it in a sandboxed account first: verify the network endpoints (api.twitter.com, api.x.ai, api.telegram.org) and inspect what is being sent in Telegram notifications and xAI requests.
- If you prefer ephemeral state, modify the code to store all state in /tmp or a configurable directory, and ensure file permissions restrict access (avoid world-readable JSON files containing drafts/IDs).
- Be aware of platform policy risks: automated likes and automated posting can run afoul of X rules; configure rate/timing and keep human approval for replies as intended.

If you want, I can highlight the exact lines where the pending file path is set, show every external endpoint the scripts call, or suggest minimal code edits to make state storage configurable and documented.

Like a lobster shell, security has layers — review code before you run it.

latest: vk973wn7zhypf5fky7a8x21ev5n84ta7s
