X OAuth API
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate X/Twitter API skill, but it can post or delete content from your account and includes optional automation scripts.
Install only if you are comfortable letting the agent use X OAuth credentials for the connected account. Use a dedicated token, review all public posts and deletion targets before execution, avoid the automation script unless you intentionally want scheduled-style posting, and prefer the reviewed lockfile or pinned dependency versions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An accidental or overly broad agent invocation could publish unwanted content or delete a tweet from the connected X account.
The skill directly publishes and deletes X posts when these commands are invoked. This is the advertised purpose, but it is still a high-impact public-account action, and the code adds no confirmation step of its own.
.command('post <text>') ... await client.v2.tweet(payload); ... .command('delete <id>') ... await client.v2.deleteTweet(id);
Confirm the exact post text, thread contents, and tweet IDs before running post/delete commands; consider adding a confirmation wrapper (or a dry-run default) for destructive or public actions.
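The confirmation wrapper suggested above, written out as an added example. This is not code from the audited skill or from twitter-api-v2: the X client is injected rather than constructed, so the file runs offline, and the fake client at the bottom imitates only the two calls the skill makes (client.v2.tweet and client.v2.deleteTweet). The names decidePost, decideDelete, guardedPost, guardedDelete, isValidTweetId and makeFakeClient are this example's own. The design choice is to separate a side-effect-free decision (is this post/delete allowed?) from execution, so the decision can be tested and logged, and to make dry-run the default so an agent that "just runs the command" publishes nothing.

```javascript
// Added example: guard layer for the skill's post/delete commands.
// Not the audited skill's code and not twitter-api-v2's API; the client is
// injected, so this runs without the library installed.

const MAX_TWEET_LENGTH = 280; // rough guard only; the API enforces the real weighted limit

// Tweet IDs are numeric snowflakes. Reject anything else before it can reach
// deleteTweet(), so a mistyped or prompt-injected argument fails closed.
function isValidTweetId(id) {
  return typeof id === 'string' && /^[1-9][0-9]{0,19}$/.test(id);
}

// Side-effect-free decision for a post. The caller must restate the exact
// text in `confirm`; dryRun defaults to true so the safe path is the default.
function decidePost(text, { confirm, dryRun = true } = {}) {
  if (typeof text !== 'string' || text.trim() === '') {
    return { allowed: false, reason: 'empty post text' };
  }
  if (Array.from(text).length > MAX_TWEET_LENGTH) {
    return { allowed: false, reason: `post exceeds ${MAX_TWEET_LENGTH} characters` };
  }
  if (confirm !== text) {
    return { allowed: false, reason: 'confirm must repeat the exact post text' };
  }
  if (dryRun) {
    return { allowed: false, reason: 'dry run; pass dryRun:false to publish', payload: { text } };
  }
  return { allowed: true, payload: { text } };
}

// Same shape for deletion: the target ID must be valid and restated.
function decideDelete(id, { confirm, dryRun = true } = {}) {
  if (!isValidTweetId(id)) {
    return { allowed: false, reason: 'tweet ID must be a numeric snowflake' };
  }
  if (confirm !== id) {
    return { allowed: false, reason: 'confirm must repeat the exact tweet ID' };
  }
  if (dryRun) {
    return { allowed: false, reason: 'dry run; pass dryRun:false to delete', id };
  }
  return { allowed: true, id };
}

// Execute only what the decision allowed, and append to a local audit trail
// the operator can review afterwards (the same idea as the skill's logs).
async function guardedPost(client, text, opts, audit = []) {
  const d = decidePost(text, opts);
  audit.push({ action: 'post', allowed: d.allowed, reason: d.reason, at: new Date().toISOString() });
  if (!d.allowed) return { executed: false, reason: d.reason };
  const res = await client.v2.tweet(d.payload);
  return { executed: true, id: res.data.id };
}

async function guardedDelete(client, id, opts, audit = []) {
  const d = decideDelete(id, opts);
  audit.push({ action: 'delete', allowed: d.allowed, reason: d.reason, at: new Date().toISOString() });
  if (!d.allowed) return { executed: false, reason: d.reason };
  await client.v2.deleteTweet(d.id);
  return { executed: true, id: d.id };
}

// Offline stand-in for the read/write client; records what it was asked to do.
function makeFakeClient() {
  const calls = [];
  return {
    calls,
    v2: {
      async tweet(payload) { calls.push(['tweet', payload.text]); return { data: { id: '1', text: payload.text } }; },
      async deleteTweet(id) { calls.push(['deleteTweet', id]); return { data: { deleted: true } }; },
    },
  };
}

// Demo with constructed inputs: only the third call reaches the client.
async function demo() {
  const client = makeFakeClient();
  const audit = [];
  const results = [
    await guardedPost(client, 'hello', {}, audit),                               // blocked: no confirm
    await guardedPost(client, 'hello', { confirm: 'hello' }, audit),             // blocked: dry run
    await guardedPost(client, 'hello', { confirm: 'hello', dryRun: false }, audit), // published
    await guardedDelete(client, '12ab', { confirm: '12ab', dryRun: false }, audit), // blocked: bad ID
  ];
  return { results, calls: client.calls, audit };
}

demo().then((out) => console.log(JSON.stringify(out, null, 2)));
```

Because the client is injected, the read-only commands in a skill like this can be handed a narrower client object than the one used for post/delete, which keeps the write-capable credential out of code paths that never need it.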
Anyone or any agent process with access to these environment variables can act as the configured X account within the token's permissions.
The skill uses OAuth API keys and access tokens to create a read/write X client. That authority is expected for posting and deleting tweets, but it grants real account control.
const accessTokenSecret = process.env.X_ACCESS_TOKEN_SECRET; ... const client = new TwitterApi({ appKey: apiKey, appSecret: apiSecret, accessToken: accessToken, accessSecret: accessTokenSecret }); ... return client.readWrite;
Use a dedicated X Developer app and access token for this skill, set the app to the lowest permission level the commands need (an access token inherits the app's read/write level), keep the .env file out of version control and out of shared agent workspaces, and rotate or revoke the token if the environment is shared or compromised.
If run intentionally or by mistake, the script can make automated public posts and leave local logs/state about that activity.
The automation template maintains persistent local state/logs and posts generated content when run. The artifacts do not install a scheduler or background service, so this is disclosed automation rather than hidden persistence.
STATE_DIR="${OPENCLAW_STATE_DIR:-$HOME/.openclaw/x-poster}" ... MAX_POSTS_PER_DAY="${MAX_POSTS_PER_DAY:-3}" ... post_tweet "$content"
Do not run generic-post.sh unless you want automated posting; customize its content first, and periodically review or remove the state and log files it keeps under $HOME/.openclaw/x-poster (or wherever OPENCLAW_STATE_DIR points).
Following the manual install command could fetch newer dependency versions than the reviewed lockfile.
The manual install example does not pin dependency versions. A package-lock with integrity hashes is included, so this is a supply-chain hygiene note rather than evidence of malicious dependencies.
npm install twitter-api-v2 commander dotenv
Install from the reviewed package/lockfile where possible (npm ci installs exactly the versions and integrity hashes recorded in package-lock.json), or pin dependency versions when installing manually.
