Production-ready Twitter/X data and automation for autonomous agents

Result: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: asia-twitter-api-v1
Version: 1.0.0

The skill is classified as 'suspicious' due to its core functionality involving the transmission of Twitter account credentials (email, password, proxy) to a third-party API (api.aisa.one) for 'write operations' (login, post, like, retweet). This introduces a significant trust dependency and inherent security risk, as explicitly highlighted by the extensive security warnings throughout the `SKILL.md`, `README.md`, `twitter_client.py`, and dedicated `SECURITY.md` files. While this behavior is risky, there is no evidence of malicious intent; rather, the package goes to great lengths to transparently disclose these risks, classify operations as 'HIGH RISK', and provide comprehensive best practices and warnings to the user, including runtime warnings in `twitter_client.py` before credential transmission. The `cleanup.sh` script performs package hygiene and checks for potential secrets within the package itself, but does not exfiltrate data. The documentation (especially `SKILL.md`) does not contain any prompt injection attempts to subvert the AI agent for malicious purposes, instead focusing on user education and risk mitigation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A compromised, misused, or over-trusted provider flow could access or misuse the Twitter/X account used for write operations, or get it banned.

Why it was flagged

The login method packages Twitter account and proxy credentials and sends them to the AIsa API, granting a third party credential-level account access rather than a narrow scoped token.

Skill content

BASE_URL = "https://api.aisa.one/apis/v1" ... "email": email, "password": password, "proxy": proxy ... return self._request("POST", "/twitter/user_login_v3", data=data)

Recommendation

Prefer read-only functions. If write access is necessary, use only a dedicated automation account with a unique password, review the provider carefully, rotate credentials, and prefer scoped OAuth-style access where possible.

What this means

An agent or user mistake could publish unwanted content, like or retweet inappropriate posts, alter a profile, damage reputation, or trigger account enforcement.

Why it was flagged

The skill exposes operations that can mutate a public social-media account. The warnings are clear, but the provided artifacts do not show a built-in confirmation or policy gate for these high-impact actions.

Skill content

Write Operations (Authentication Required - High Risk) - Post tweets - Like tweets - Retweet - Update profile

Recommendation

Require explicit user approval for every write action, limit which accounts and actions are allowed, add rate limits and dry-run modes, and keep read-only operations as the default.

What this means

Users may under-protect the AIsa API key if they read the read-only mode as completely credential-free.

Why it was flagged

The skill also requires AISA_API_KEY and shows Authorization bearer headers elsewhere, so this wording should be understood as no Twitter credentials, not no credentials at all.

Skill content

Read Operations (SAFE - Recommended for Most Users) ... No authentication required ... No credentials transmitted

Recommendation

Clarify documentation to say that read operations require the AIsa API key but do not require Twitter login credentials, and advise users to protect and rotate the API key.

What this means

If run from the wrong directory, it could delete unrelated local build, cache, IDE, log, or temporary files.

Why it was flagged

The optional cleanup script recursively deletes files and directories matching common cache, build, IDE, and temporary-file patterns from the current directory.

Skill content

find . -name "$pattern" -type f -delete ... find . -type d -name "$pattern" -exec rm -rf {} +

Recommendation

Run the cleanup script only inside a disposable copy of the package directory after reviewing it, and do not run it from a broader project or home directory.