Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wip X

v1.0.1

X Platform API. Read posts, search tweets, post, upload media.

by Parker Todd Brooks (@parkertoddbrooks)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, README, SKILL.md and code all implement an X Platform (Twitter) client with read/write functionality; the required OAuth/bearer credentials are appropriate for that purpose. However the registry metadata claims no required env vars/credentials while SKILL.md and the code clearly expect multiple X-related credentials — an inconsistency that could mislead users about what secrets will be needed.
Instruction Scope
Runtime instructions and code access credentials via environment variables and via the 1Password CLI (op read) using child_process.execSync. That behavior is consistent with the README troubleshooting text, but the code's default 1Password item name differs from the one given in README/SKILL.md, and the code will execute a system command to read secrets whenever op is available. The skill also exposes an MCP server that accepts tool calls (read and write); make sure you understand which agent contexts can invoke those tools.
Install Mechanism
There is no install spec (instruction-only in the registry), which reduces install risk, but the package includes Node code and an npm dependency (@xdevplatform/xdk) referenced in package.json and package-lock (resolved from npm). No downloads from arbitrary URLs were observed. One mismatch: mcp-server imports @modelcontextprotocol/sdk, but that dependency is not listed in package.json, an implementation/packaging inconsistency that may cause runtime failures.
Credentials
The code and SKILL.md require sensitive credentials (X_BEARER_TOKEN and the four OAuth 1.0a tokens) and optionally 1Password vault access (OP_VAULT / OP_ITEM). Those tokens are proportionate to a read+write X client, but the registry metadata omitted them, and the README/SKILL.md and auth.mjs disagree on the default 1Password item name (the README says item "X Platform API"; auth.mjs defaults OP_ITEM to 'X API Key - wip-01'). This mismatch could cause unexpected credential prompts or failures and increases the chance of accidental secret exposure.
Persistence & Privilege
always: false and no claimed system-wide modifications. The skill can be invoked autonomously (default platform behavior), which, combined with access to OAuth credentials, increases blast radius; that is expected for a networked API client but worth noting. The skill itself does not request permanent system-level privileges.
What to consider before installing
This package appears to be a legitimate X/Twitter API wrapper, but review the following before installing:
1) Expect to provide X credentials (a bearer token or the full OAuth 1.0a set); the registry metadata omitted them, so don't assume no secrets are needed.
2) The code will try to read secrets from 1Password via the 'op' CLI (it executes 'op read'); confirm you want the op CLI to be used and verify the vault/item names, since the README and auth.mjs disagree on the default item.
3) Only grant write-scoped OAuth tokens if you trust the code; write tokens can post or delete tweets.
4) The MCP server exposes tools that can be called programmatically; limit which agents or environments can run it.
5) Do a quick code review (auth.mjs, core.mjs, mcp-server.mjs) and run npm install/test in a sandboxed environment; verify the dependencies and add the missing one (@modelcontextprotocol/sdk) before production use.
If you want to proceed, prefer providing credentials via environment variables scoped to a dedicated X app with minimal permissions, or run the tool in an isolated container.
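The checks above (undeclared env vars, a shell command used to read secrets, a dependency imported but not declared, a hard-coded default that disagrees with the docs) can be scripted so the review is repeatable for any skill you are about to install. The following Node script is an added example written for this page; it is not code from the Wip X skill, its author, or the ClawHub scanner. The package.json, auth.mjs and mcp-server.mjs contents embedded in it are constructed stand-ins that mirror the findings described on this page, not the real files, and all function names are my own. To audit a real package you would read its files from disk into the same `files` map.

```javascript
// Added example: a pre-install audit for a Node-based skill package.
// Not part of the Wip X skill or ClawHub's scanner; the sample files below are
// CONSTRUCTED to resemble the page's findings and are not the real package.
// Reports: imports package.json does not declare, env vars the code reads and
// which of those the registry left undeclared, child_process calls that run a
// shell command, and hard-coded env defaults that disagree with the docs.

// --- constructed sample package (not the real skill's files) ------------------
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "wip-x-sample",                       // constructed name
  dependencies: { "@xdevplatform/xdk": "*" }, // the one dependency the page lists
});

const SAMPLE_FILES = {
  "auth.mjs": [
    'import { execSync } from "node:child_process";',
    "const vault = process.env.OP_VAULT;",
    'const item = process.env.OP_ITEM ?? "X API Key - wip-01";', // default per the page
    "export function bearerToken() {",
    "  if (process.env.X_BEARER_TOKEN) return process.env.X_BEARER_TOKEN;",
    '  return execSync("op read op://" + vault + "/" + item + "/credential").toString().trim();',
    "}",
  ].join("\n"),
  "mcp-server.mjs": [
    'import { Server } from "@modelcontextprotocol/sdk/server/index.js";', // not in package.json
    'import { bearerToken } from "./auth.mjs";',
    'export const server = new Server({ name: "x", version: "0.0.0" });',
  ].join("\n"),
};

const REGISTRY_DECLARED_ENV = [];                       // registry claims no env vars
const DOCUMENTED_DEFAULTS = { OP_ITEM: "X Platform API" }; // what the README states

// --- audit logic --------------------------------------------------------------
const NODE_BUILTINS = new Set(["assert", "buffer", "child_process", "crypto", "events",
  "fs", "http", "https", "module", "net", "os", "path", "process", "stream", "url", "util"]);

// Reduce an import specifier to its npm package name; null for relative paths and builtins.
function packageName(spec) {
  if (spec.startsWith(".") || spec.startsWith("/") || spec.startsWith("node:")) return null;
  const parts = spec.split("/");
  const name = spec.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
  return NODE_BUILTINS.has(name) ? null : name;
}

// Static `import ... from`, dynamic import() and require() specifiers.
function extractImports(source) {
  const re = /(?:import\s[^'"]*?from\s*|import\s*\(\s*|require\s*\(\s*)['"]([^'"]+)['"]/g;
  const names = new Set();
  for (const m of source.matchAll(re)) {
    const name = packageName(m[1]);
    if (name) names.add(name);
  }
  return names;
}

// process.env.NAME and process.env["NAME"] references.
function extractEnvVars(source) {
  const re = /process\.env(?:\.([A-Za-z_]\w*)|\[\s*['"]([A-Za-z_]\w*)['"]\s*\])/g;
  return new Set([...source.matchAll(re)].map((m) => m[1] ?? m[2]));
}

// Hard-coded fallbacks such as `process.env.OP_ITEM ?? "..."` or `|| "..."`.
function extractEnvDefaults(source) {
  const re = /process\.env\.([A-Za-z_]\w*)\s*(?:\?\?|\|\|)\s*['"]([^'"]*)['"]/g;
  return Object.fromEntries([...source.matchAll(re)].map((m) => [m[1], m[2]]));
}

// exec/execSync hand a command string to a shell; execFile/spawn with an argv do not.
function findShellExecs(source) {
  const hits = [];
  source.split("\n").forEach((text, i) => {
    if (/\b(?:execSync|exec)\s*\(/.test(text)) hits.push({ line: i + 1, text: text.trim() });
  });
  return hits;
}

function auditPackage({ files, packageJson, declaredEnv, documentedDefaults }) {
  const manifest = JSON.parse(packageJson);
  const declaredDeps = new Set([...Object.keys(manifest.dependencies ?? {}),
    ...Object.keys(manifest.devDependencies ?? {})]);
  const imports = new Set(), envVars = new Set(), defaults = {}, shellExecs = [];
  for (const [file, source] of Object.entries(files)) {
    extractImports(source).forEach((n) => imports.add(n));
    extractEnvVars(source).forEach((n) => envVars.add(n));
    Object.assign(defaults, extractEnvDefaults(source));
    findShellExecs(source).forEach((h) => shellExecs.push({ file, ...h }));
  }
  const declared = new Set(declaredEnv);
  return {
    missingDeps: [...imports].filter((n) => !declaredDeps.has(n)).sort(),
    envVars: [...envVars].sort(),
    undeclaredEnv: [...envVars].filter((n) => !declared.has(n)).sort(),
    shellExecs,
    defaultMismatches: Object.entries(documentedDefaults)
      .filter(([name, docs]) => name in defaults && defaults[name] !== docs)
      .map(([name, docs]) => ({ name, code: defaults[name], docs })),
  };
}

const SAMPLE_REPORT = auditPackage({ files: SAMPLE_FILES, packageJson: SAMPLE_PACKAGE_JSON,
  declaredEnv: REGISTRY_DECLARED_ENV, documentedDefaults: DOCUMENTED_DEFAULTS });
console.log(JSON.stringify(SAMPLE_REPORT, null, 2));
```

On the constructed sample the report lists @modelcontextprotocol/sdk as imported but undeclared, all three env vars (OP_ITEM, OP_VAULT, X_BEARER_TOKEN) as undeclared by the registry, the single execSync line in auth.mjs as a shell execution, and OP_ITEM as a default that disagrees with the documented item name. The shell-exec check deliberately stops at exec/execSync: those pass a single command string through a shell, whereas execFileSync or spawn with an argument array do not, so the distinction is worth preserving when you read the flagged lines.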
