Twitter Agent

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill transparently automates Twitter/X posting, but it gives the agent public write authority and tells it to execute publish commands without requiring a separate review step.

Only install this if you are comfortable giving an OpenClaw agent write access to your Twitter/X account. Review every generated tweet, reply, quote tweet, and image before publishing, use a dedicated Twitter app/account if possible, and rotate the tokens if you stop using the skill.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked broadly, the agent could publish generated content from the user's Twitter/X account, causing public reputational, spam, or rate-limit consequences.

Why it was flagged

This makes command execution and publishing the normal workflow for generated social media content, but the artifacts do not require a separate user confirmation before the agent posts, replies, or quote-tweets publicly.

Skill content

**IMPORTANT: Use the exec tool to run all commands below. Do NOT just display them.** ... Step 3 — Publish ... Call the appropriate script from Step 1 above.

Recommendation

Require a preview and explicit confirmation for each tweet, reply, quote tweet, and image upload; set clear limits for counts, target accounts, and posting frequency.

What this means

Anyone or anything that can run the skill with these environment variables can act on the connected Twitter/X account within the app's permissions.

Why it was flagged

The skill explicitly requires Twitter credentials with write permissions. This is purpose-aligned for posting, replying, and quote-tweeting, but it delegates real account authority to the agent.

Skill content

`TW_ACCESS_TOKEN` | developer.x.com → Your App → Generate (Read+Write) ... Set your Twitter App permissions to **Read and Write**

Recommendation

Use a dedicated Twitter app or account where possible, keep tokens private, monitor posted content, and revoke or rotate credentials if the skill is no longer needed.

What this means

Future installs may resolve to a different tweepy version than the one the author tested.

Why it was flagged

The required Python package is purpose-aligned, but the install entry does not pin a version or lockfile in the provided artifacts.

Skill content

install:
  - id: tweepy
    kind: pip
    package: tweepy

Recommendation

Pin dependency versions or install in an isolated environment, and verify the package source before use.