Twitter Thread Creation
ReviewAudited by ClawScan on May 10, 2026.
Overview
This Twitter/X helper is purpose-aligned, but it can publish public posts through an external CLI without a clearly shown confirmation gate.
Review this skill before installing if you only want drafting help. Use it only after verifying the inference.sh CLI, logging in with an account you are comfortable connecting, and requiring explicit confirmation before any tweet or thread is posted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incautiously, the agent could publish tweets from the connected account instead of only preparing drafts.
The skill permits a broad external CLI command pattern and documents direct X post creation, but the visible artifact does not show a required confirmation step before public posting.
allowed-tools: Bash(infsh *) ... # Post a tweet infsh app run x/post-create --input
Treat posting as a high-impact action: require an explicit user approval for every tweet/thread, show the final text first, and consider narrowing the allowed command scope.
The connected account may be able to post to X through the CLI, so a mistaken or unauthorized command could affect a public account.
The skill asks the user to authenticate with the inference.sh CLI, which is expected for a posting workflow but gives the CLI delegated authority to act through connected services.
curl -fsSL https://cli.inference.sh | sh && infsh login
Review the login/OAuth scopes, use the least-privileged account available, and revoke the session when no longer needed.
Installing a remote CLI gives third-party code access to the local environment where it is run.
The setup path relies on a remote shell installer for an external CLI. The artifact says checksum verification and manual installation are available, but the installer code is not included in the reviewed artifacts.
curl -fsSL https://cli.inference.sh | sh
Prefer manual installation with checksum verification, and only run the installer if you trust the inference.sh distribution source.
Draft text, URLs, or generated media prompts may be processed by external services before posting.
The workflow sends content, HTML, URLs, or media-related requests to external inference.sh apps. This is disclosed and purpose-aligned, but it is still an external data flow.
Write high-engagement Twitter/X threads via [inference.sh](https://inference.sh) CLI ... infsh app run infsh/html-to-image ... infsh app run infsh/agent-browser
Avoid sending sensitive unpublished information unless you are comfortable with the provider’s data handling and retention policies.