Skill v1.1.0
ClawScan security
X OAuth API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 17, 2026, 10:40 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill implements posting to X/Twitter and requests the expected OAuth keys, but there are inconsistencies (Node runtime not declared, no install instructions) and it includes automation/heartbeat scripts that write state to your home directory. Review before installing.
- Guidance: What to check before installing:
  - Verify you are comfortable providing a dedicated X (Twitter) app's OAuth credentials; these tokens grant full ability to post/delete as that account. Use a dedicated app and tokens, not high-privilege or shared keys.
  - The package contains Node code and a package.json (node >=16) but the skill metadata does not declare Node as a required binary or provide an install step. Make sure your environment has Node and install dependencies (npm install) before expecting the CLI to work.
  - The included scripts will create logs and state files under $HOME/.openclaw/x-poster and $HOME/.openclaw/heartbeat (or the path you set with OPENCLAW_STATE_DIR). If you do not want files written there, inspect and modify the scripts first or run in an isolated container/VM.
  - Automation capability: generic-post.sh is a template for automated posting. Do not schedule or enable it unless you review and customize get_content() to avoid accidental or unwanted posts.
  - Review the code (bin/x.js, the shell scripts) yourself; the code appears to only contact api.twitter.com and read env vars, but you should verify there are no hidden endpoints or unexpected network calls in the runtime you will use.
  - As a precaution, test with a throwaway or low-privilege account/app, and rotate credentials after testing if you suspect exposure.
  If you want me to, I can: (a) extract and show the exact lines that create files/dirs, (b) produce a minimal checklist to safely run this skill inside a container, or (c) search the code for any network calls beyond api.twitter.com.
Review Dimensions
- Purpose & Capability: ok. Name, description, CLI commands, and the code (bin/x.js) all align: the skill posts tweets, threads, deletes tweets, and queries account/mentions/search via X API v2 using OAuth 1.0a. The required environment variables (the four OAuth values) are exactly what the code uses.
- Instruction Scope: note. Runtime instructions and README correctly describe using environment variables and direct requests to api.twitter.com. However, included helper scripts (generic-post.sh, heartbeat.sh) create state and log files under $HOME/.openclaw/... (or $OPENCLAW_STATE_DIR) and are designed for automated posting/monitoring. SKILL.md and registry metadata did not declare these state/config paths; users should be aware the skill will write logs and state files and can be used to automate posts.
- Install Mechanism: concern. There is no install specification in the registry metadata even though the bundle contains node code (bin/x.js), package.json, and package-lock.json with npm dependencies. The skill metadata lists no required binaries, but the code requires Node (package.json specifies node >=16) and uses npm packages. This mismatch (no declared Node/runtime requirement or install steps) is an incoherence and could cause surprises or failed installations.
- Credentials: ok. The skill only requests the four OAuth environment variables required for OAuth 1.0a (consumer key/secret and access token/secret). An optional X_USER_ID is referenced but not required. No unrelated credentials or secrets are requested.
- Persistence & Privilege: note. The skill does not request 'always: true' or elevated platform privileges. It does, however, persist state and logs to user-writable directories (~/.openclaw/...). The presence of automation templates (generic-post.sh) and a heartbeat script means this package is set up to run recurring/automated posts if a user enables or schedules those scripts; consider this before enabling automation.
