Twitter Operations
Security checks across malware telemetry and agentic risk
Overview
This skill is not shown to contain executable malware, but it gives broad Twitter/X account-control instructions, including bulk and human-like automation, without clear approval or credential boundaries.
Before installing, confirm that you really want an agent to control a Twitter/X account. Use limited OAuth scopes, require manual approval for posts/replies/DMs/follows/blocks/bulk actions, avoid the human-like bulk automation behavior, and review where credentials, logs, archives, and webhook alerts will be stored or sent.
VirusTotal
66/66 vendors rated this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could affect a Twitter/X account's public reputation, messages, followers, blocks, and moderation decisions.
These are high-impact account and public-content actions. The supplied text does not show explicit per-action approval, scope limits, rollback, or containment for bulk and moderation operations.
"Post tweets and threads" ... "Reply to mentions and direct messages" ... "Like and retweet content" ... "Bulk operations (mass follow/unfollow/block)" ... "Community management and moderation"
Require explicit user confirmation for every post, reply, DM, follow, unfollow, block, moderation action, and any bulk operation; set small limits and provide a clear undo or review process where possible.
A broadly scoped OAuth token could let the agent act as the user across one or more Twitter/X accounts.
The skill expects OAuth credentials and may manage multiple accounts, but the provided artifacts do not define OAuth scopes, token handling boundaries, or account-level approval controls.
"Handle Twitter authentication (OAuth 1.0a/2.0)" ... "Manage multiple Twitter accounts" ... "credentials_file": "~/.openclaw/twitter_credentials.json"
Use least-privilege OAuth scopes, a dedicated account or token where possible, encrypted credential storage, and a simple way to revoke credentials after use.
Using this guidance could make the account appear to engage in spam-like or deceptive automation and may increase the chance of account restrictions.
This wording encourages making automated bulk behavior look human, which can hide automation and may conflict with platform rules or user expectations.
"Add delays between bulk operations to appear more human-like"
Avoid evasion-style automation guidance; use transparent, rate-limited, terms-compliant workflows with user-approved actions.
Tweets, analytics, user data, and logs may remain on the device after use.
The skill plans to persist Twitter-related data and logs locally. This is purpose-aligned, but the supplied text does not describe retention, exclusions, cleanup, or reuse rules.
"archive_tweets": true ... "cache_dir": "~/.openclaw/cache/twitter" ... "log_file": "~/.openclaw/logs/twitter.log" ... "archive_dir": "~/.openclaw/archives/twitter"
Review what is archived or logged, set retention limits, protect local files, and avoid storing private messages or sensitive account data unless necessary.
Brand mentions or account-monitoring events could be sent to an external webhook service.
The skill supports sending monitoring alerts to a webhook. This appears user-directed and purpose-aligned, but the destination trust and data contents are not defined.
"command": "openclaw twitter monitor @brandname --alert-webhook https://hooks.example.com" ... "Use webhook notifications for important events"
Use only trusted webhook destinations and avoid sending private, sensitive, or account-identifying data unless the user explicitly approves it.
