Publora Twitter
ReviewAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is clearly for posting or scheduling X/Twitter content through Publora, but users should confirm public posts and protect the Publora API key.
Before installing or using this skill, make sure you are comfortable giving the agent access to a Publora key that can post to connected X/Twitter accounts. Require explicit confirmation for the final tweet/thread text, target account, media, and schedule time before any post is created.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help publish or schedule public tweets through Publora when the user asks for that action.
The documented API call creates a post on a connected X/Twitter account. This is purpose-aligned and disclosed, but public posting is a high-impact action that should be user-confirmed.
## Post a Tweet
```javascript
await fetch('https://api.publora.com/api/v1/create-post', { ... body: JSON.stringify({ content: 'Just shipped a new feature! 🚀 #buildinpublic', platforms: ['twitter-123456789'] }) });Only allow posting after confirming the exact content, account/platform ID, media, and scheduled time with the user.
Anyone or any agent using the key may be able to act through the connected Publora workspace and linked X/Twitter account according to that key's permissions.
The skill requires a Publora API key for authenticated requests. This is expected for the Publora integration, but it represents delegated account access and is not declared as a primary credential in the registry metadata.
**Header:** `x-publora-key: sk_YOUR_KEY`
Use a least-privilege Publora key if available, avoid exposing it in chat logs or shared files, and review the related core Publora skill before granting access.