Twitter Automation
Automate Twitter/X with posting, engagement, and user management via inference.sh CLI. Apps: x/post-tweet, x/post-create (with media), x/post-like, x/post-re...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 2 · 1.8k · 16 current installs · 16 all-time installs
byÖmer Karışman@okaris
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, and runtime instructions align: the SKILL.md consistently describes using the inference.sh CLI to post, like, retweet, DM, follow, and query X/Twitter. The actions and example commands map to the stated purpose. No unrelated services or credentials are requested in the manifest.
Instruction Scope
The instructions stay within the scope of social automation (install CLI, run infsh app run <app> with JSON inputs). They do instruct 'infsh login' which implies creating/storing authentication tokens via the CLI, but they do not instruct reading arbitrary local files or exfiltrating data. However, the SKILL.md also references other platform apps (image/video generation) which may require their own credentials or external uploads; that increases the attack surface if you follow those workflows.
Install Mechanism
There is no install spec in the registry; instead SKILL.md suggests piping a remote install script (curl -fsSL https://cli.inference.sh | sh) that downloads a binary from dist.inference.sh. That is a high-risk install pattern: it pulls and runs code from a third-party domain rather than a well-known package host. The doc claims SHA-256 checksums are available, but verification is manual and depends on the user trusting the distribution site and TLS chain. This is the main security concern.
Credentials
The registry declares no required environment variables or primary credential, but the runtime requires 'infsh login' (i.e., the CLI will obtain and store auth tokens). That is reasonable for a social media automation tool, but it's not explicit in the manifest—so you should verify what credentials/tokens the CLI requests, where it stores them, and whether it requires OAuth/API keys for X/Twitter or proxies them through inference.sh.
Persistence & Privilege
The skill does not request always:true and has no install spec in the registry that would force persistent system presence. The CLI login will likely store tokens/config in the user's home directory (expected behaviour) but the skill itself doesn't declare system-wide privileges or modify other skills.
What to consider before installing
This skill appears to do what it says (Twitter/X automation via the inference.sh CLI), but take precautions before installing: 1) Do not blindly run curl | sh — instead download the installer, inspect the script, and verify the SHA-256 checksums against the checksums.txt over HTTPS. 2) Confirm the legitimacy of inference.sh/dist.inference.sh (who operates them, repo, release signatures) before trusting binaries from that domain. 3) Understand what 'infsh login' does: what credentials it requests, where tokens are stored, and whether the CLI will forward your Twitter/X credentials to a third party. 4) Test with a throwaway or restricted account first, since automated likes/DMs/follows can violate platform TOS and risk account suspension. 5) If you want lower risk, prefer vendor-distributed packages on trusted registries or build from source and verify signatures; request the skill author include an explicit install spec or vetted package link. If you need help analyzing the installer script or the CLI's auth flow, provide the script or the relevant docs and I can review them.Like a lobster shell, security has layers — review code before you run it.
Current versionv0.1.5
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Twitter/X Automation
Automate Twitter/X via inference.sh CLI.
Quick Start
# Install CLI
curl -fsSL https://cli.inference.sh | sh && infsh login
# Post a tweet
infsh app run x/post-tweet --input '{"text": "Hello from inference.sh!"}'
Install note: The install script only detects your OS/architecture, downloads the matching binary from
dist.inference.sh, and verifies its SHA-256 checksum. No elevated permissions or background processes. Manual install & verification available.
Available Apps
| App | App ID | Description |
|---|---|---|
| Post Tweet | x/post-tweet | Post text tweets |
| Create Post | x/post-create | Post with media |
| Like Post | x/post-like | Like a tweet |
| Retweet | x/post-retweet | Retweet a post |
| Delete Post | x/post-delete | Delete a tweet |
| Get Post | x/post-get | Get tweet by ID |
| Send DM | x/dm-send | Send direct message |
| Follow User | x/user-follow | Follow a user |
| Get User | x/user-get | Get user profile |
Examples
Post a Tweet
infsh app run x/post-tweet --input '{"text": "Just shipped a new feature! 🚀"}'
Post with Media
infsh app sample x/post-create --save input.json
# Edit input.json:
# {
# "text": "Check out this AI-generated image!",
# "media_url": "https://your-image-url.jpg"
# }
infsh app run x/post-create --input input.json
Like a Tweet
infsh app run x/post-like --input '{"tweet_id": "1234567890"}'
Retweet
infsh app run x/post-retweet --input '{"tweet_id": "1234567890"}'
Send a DM
infsh app run x/dm-send --input '{
"recipient_id": "user_id_here",
"text": "Hey! Thanks for the follow."
}'
Follow a User
infsh app run x/user-follow --input '{"username": "elonmusk"}'
Get User Profile
infsh app run x/user-get --input '{"username": "OpenAI"}'
Get Tweet Details
infsh app run x/post-get --input '{"tweet_id": "1234567890"}'
Delete a Tweet
infsh app run x/post-delete --input '{"tweet_id": "1234567890"}'
Workflow: Generate AI Image and Post
# 1. Generate image
infsh app run falai/flux-dev-lora --input '{"prompt": "sunset over mountains"}' > image.json
# 2. Post to Twitter with the image URL
infsh app run x/post-create --input '{
"text": "AI-generated art of a sunset 🌅",
"media_url": "<image-url-from-step-1>"
}'
Workflow: Generate and Post Video
# 1. Generate video
infsh app run google/veo-3-1-fast --input '{"prompt": "waves on a beach"}' > video.json
# 2. Post to Twitter
infsh app run x/post-create --input '{
"text": "AI-generated video 🎬",
"media_url": "<video-url-from-step-1>"
}'
Related Skills
# Full platform skill (all 150+ apps)
npx skills add inference-sh/skills@inference-sh
# Image generation (create images to post)
npx skills add inference-sh/skills@ai-image-generation
# Video generation (create videos to post)
npx skills add inference-sh/skills@ai-video-generation
# AI avatars (create presenter videos)
npx skills add inference-sh/skills@ai-avatar-video
Browse all apps: infsh app list
Documentation
- X.com Integration - Setting up Twitter/X integration
- X.com Integration Example - Complete Twitter workflow
- Apps Overview - Understanding the app ecosystem
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…