OpenTweet X Poster

Review

Audited by ClawScan on May 11, 2026.

Overview

The skill matches its stated purpose, but it can use an OpenTweet API key to publish, schedule, bulk-post, and trigger automated X/Twitter activity without clear approval safeguards.

Review this skill before enabling it for autonomous use. It appears to do what it advertises, but because it can publish public X/Twitter content, schedule posts, create bulk posts, upload media, and enable automated replies or retweets, you should require confirmation for every public action and protect the OPENTWEET_API_KEY carefully.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could publish or schedule public social media content, including threads and media, with reputational or account consequences if invoked incorrectly.

Why it was flagged

The skill is explicitly designed to let the agent perform public posting and scheduling actions autonomously. The visible artifacts document high-impact publish workflows but do not show a confirmation gate before posting to public X accounts.

Skill content

description: Post to X (Twitter) ... Create tweets, schedule posts, publish threads, upload media, run an evergreen queue ... all autonomously.

Recommendation

Only install this if you want the agent to manage X posting, and require explicit user confirmation for any publish, schedule, bulk, media, community, retweet, or auto-reply action.

What this means

Anyone or any agent process with this key may be able to act through the connected OpenTweet/X account permissions.

Why it was flagged

The OpenTweet API key is expected for this integration, but it authorizes actions against connected X accounts, including posting and account selection.

Skill content

Every request needs this header: Authorization: Bearer $OPENTWEET_API_KEY

Recommendation

Store the API key securely, use the least-privileged account available, verify connected accounts before posting, and revoke or rotate the key if no longer needed.

What this means

A configured post may later retweet or reply automatically, which could create unexpected public content if the settings were chosen carelessly.

Why it was flagged

The artifact discloses delayed provider-side automation that can keep acting after the initial request. This is purpose-aligned, but users should understand that enabled automations may post later without another prompt.

Skill content

After the post publishes, OpenTweet checks its like count every 5 minutes. When like_count >= auto_plug_threshold, it automatically posts auto_plug_text as a reply

Recommendation

Use auto-retweet, auto-plug, evergreen, and scheduling features only with explicit approval, clear thresholds, and a plan to review or disable pending automation.