X Social Manager Dist
Warn
Audited by ClawScan on May 17, 2026.
Overview
Review before installing: it is a plausible X/Twitter manager, but it auto-installs an unpinned Twitter CLI and uses live X credentials to post or reply on your account.
Install only if you are comfortable letting an agent-assisted CLI use your X/Twitter credentials. Prefer manually installing and reviewing twitter-cli, do not allow automatic `curl | sh` setup without approval, use a dedicated account/profile or scoped credentials, keep approval required for every public action, and periodically clean the skill's memory and reply archive files.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run new third-party code on your machine before ordinary use, and that code is then expected to operate your X/Twitter account.
The skill instructs the agent to execute a remote installer and install an unpinned external CLI automatically, despite being presented as an instruction-only skill.
If `uv` is NOT available, install it first: `curl -LsSf https://astral.sh/uv/install.sh | sh` then `uv tool install twitter-cli`
Install uv and twitter-cli yourself from trusted sources, pin or verify versions where possible, and require explicit approval before any setup command is run.
If the CLI or agent workflow misbehaves, it could access or mutate your real X/Twitter account using your existing session.
The skill relies on live browser/session credentials or X auth tokens and gives the CLI authority to interact with the account; the artifacts do not define a narrow browser profile, token scope, or containment boundary.
An active X (Twitter) session in your browser (for cookie-based auth) ... Operates the CLI — can post, reply, search, and analyze directly via `twitter-cli`
Use a dedicated X account or browser profile, prefer explicit environment credentials over broad browser-session access when possible, and verify every account-changing action.
Approved posts or replies can become public under your account and may affect reputation or relationships.
Direct posting is high-impact because it publishes to a public account, but the instruction is purpose-aligned and includes an explicit approval gate.
Direct posting — The agent CAN post directly via `twitter post`. Always present final text + char count to user and get explicit approval before executing.
Read the exact text, account, media, and reply target before approving any post, reply, quote, delete, follow, or retweet action.
Your writing style, profile details, performance history, and leads may persist in local files and influence later outputs.
The skill stores exact user voice samples and reuses them for future drafting, which is expected for personalization but creates persistent local context that can become stale, sensitive, or poisoned.
This file contains the user's actual replies word-for-word ... Populated during onboarding by fetching the user's real replies via `twitter search`.
Periodically review, edit, or delete the memory and reply archive files, especially before sharing the workspace or using the skill for a different account.
Sub-agents could operate over the same local files and account tooling as the main agent, so mistakes may propagate across the skill's memory and strategy files.
The skill delegates tasks to helper agents that may read files, write files, and run shell commands; this is disclosed, but the exact permission boundary depends on the host IDE.
The main agent reads this file and creates the sub-agent files in whatever format the host IDE requires ... `x-intel-updater` ... Tools: Read, Write, Grep, Bash
Enable sub-agents only in environments where you understand their permissions, and review generated sub-agent files before letting them run account or file-writing workflows.
