ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Twitter Operations

Automate and manage Twitter/X accounts by posting, scheduling, replying, analyzing, tracking trends, managing followers, and handling media and analytics.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2.9k · 13 current installs · 14 all-time installs
by@millymilton
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill manifest clearly targets Twitter/X automation (posting, streaming, OAuth auth, scraping, bulk follow/unfollow, archiving, multi-account management). However the registry metadata declares no required environment variables, no primary credential, and no config paths — yet the SKILL.md references OAuth auth, a credentials_file, cache/log/archive directories, and many API endpoints. That mismatch between declared requirements and the manifest is incoherent.
!
Instruction Scope
SKILL.md includes instructions and examples that imply writing persistent credential files (~/.openclaw/twitter_credentials.json), archiving and caching user data, scraping tweets and profiles, performing bulk operations, and sending alerts to external webhooks (example: https://hooks.example.com). Those behaviors involve reading/writing persistent storage and transmitting potentially large amounts of user data to third parties — scope that isn't described in the top-level metadata and could enable data exfiltration or abusive automation if misused.
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself. However the SKILL.md lists numerous Python dependencies (tweepy, requests-oauthlib, python-dotenv, pandas, beautifulsoup4, etc.) but provides no automated install instructions. That inconsistency can lead to runtime failures or ad-hoc installation of packages by the integrator; it is not direct code-execution risk from the registry, but it's an implementation gap that should be clarified.
!
Credentials
Although manifest metadata lists no required env vars or primary credential, the instructions explicitly expect OAuth credentials, reference storing credentials on disk, and suggest using environment variables or encrypted files. The skill also supports sending events to external webhooks — a channel that could carry sensitive data. Requesting no declared credentials while requiring them at runtime is disproportionate and a practical mismatch that raises security questions.
Persistence & Privilege
The skill will persist files under ~/.openclaw (credentials, cache, logs, archives) according to SKILL.md. It does not request always:true, nor system-wide config changes, but it does expect to create and read persistent files in the user's home directory. This is expected for an automation tool but should be explicit in declared config paths and documented encryption/permissions behavior.
What to consider before installing
This skill's manifest looks functionally plausible for Twitter/X automation, but there are important gaps and mismatches you should resolve before installing: 1) Ask the author to provide a clear description and to update registry metadata to declare the required credentials (OAuth keys/tokens) and config paths explicitly. 2) Verify where credentials are stored and whether they are encrypted; prefer environment variables or a secure secrets store over plaintext files in your home directory. 3) Confirm how webhooks are used and whether any monitored content could be forwarded externally; never supply a webhook you do not control. 4) Request an install spec or vetted package instructions for the listed Python dependencies so you can review and control what is installed. 5) Be cautious with features that scrape data or perform bulk follow/unfollow/block operations — they can violate platform policies and enable abusive behavior. If you cannot verify the author or get these clarifications, test the skill in an isolated account and environment or do not install.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9745vjpz4wtajvwk5zptmvkpn80crks

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

{ "name": "twitter_operations", "description": "Comprehensive Twitter/X platform automation and management", "version": "1.0.0", "category": "social_media", "enabled": true, "triggers": ["twitter", "tweet", "x.com", "social media", "twitter api"], "capabilities": [ "Post tweets and threads", "Schedule tweets for optimal engagement times", "Reply to mentions and direct messages", "Search tweets by keywords, hashtags, or users", "Monitor trending topics and hashtags", "Analyze tweet performance and engagement metrics", "Follow/unfollow users based on criteria", "Like and retweet content", "Create and manage Twitter lists", "Track follower growth and analytics", "Implement Twitter bot functionality", "Scrape tweets and user profiles", "Generate tweet content with optimal hashtags", "Manage multiple Twitter accounts", "Monitor brand mentions and sentiment", "Auto-reply to specific keywords or patterns", "Archive tweets and user data", "Create Twitter polls", "Upload and manage media (images, videos, GIFs)", "Implement rate limiting and API quota management", "Handle Twitter authentication (OAuth 1.0a/2.0)", "Parse and format tweet metadata", "Export analytics to CSV/JSON", "Real-time streaming of tweets", "Detect and respond to specific user interactions", "Bulk operations (mass follow/unfollow/block)", "Twitter Spaces monitoring and participation", "Community management and moderation", "Hashtag performance tracking", "Competitor account monitoring" ], "parameters": { "api_version": "v2", "auth_type": "oauth2", "rate_limit_mode": "conservative", "max_tweets_per_request": 100, "default_tweet_count": 10, "retry_attempts": 3, "timeout_seconds": 30, "media_upload_max_size_mb": 5, "thread_delay_seconds": 2, "auto_hashtag_limit": 5, "sentiment_analysis": true, "enable_streaming": false, "archive_tweets": true }, "dependencies": [ "tweepy>=4.14.0", "python-twitter-v2>=0.9.0", "requests>=2.31.0", "requests-oauthlib>=1.3.1", "python-dotenv>=1.0.0", "pandas>=2.0.0", "beautifulsoup4>=4.12.0", "schedule>=1.2.0", "textblob>=0.17.1", "Pillow>=10.0.0" ], "configuration": { "credentials_file": "/.openclaw/twitter_credentials.json", "cache_dir": "/.openclaw/cache/twitter", "log_file": "/.openclaw/logs/twitter.log", "archive_dir": "/.openclaw/archives/twitter" }, "api_endpoints": { "tweet": "/2/tweets", "search": "/2/tweets/search/recent", "users": "/2/users", "timeline": "/2/users/:id/tweets", "likes": "/2/users/:id/likes", "retweets": "/2/tweets/:id/retweets", "followers": "/2/users/:id/followers", "following": "/2/users/:id/following", "spaces": "/2/spaces", "lists": "/2/lists", "media": "/1.1/media/upload" }, "examples": [ { "action": "post_tweet", "description": "Post a simple tweet", "command": "openclaw twitter post 'Hello from OpenClaw! #automation'" }, { "action": "post_thread", "description": "Post a Twitter thread", "command": "openclaw twitter thread 'Thread part 1' 'Thread part 2' 'Thread part 3'" }, { "action": "search_tweets", "description": "Search for recent tweets", "command": "openclaw twitter search '#AI OR #MachineLearning' --count 50" }, { "action": "get_trends", "description": "Get trending topics", "command": "openclaw twitter trends --location 'United States'" }, { "action": "analyze_account", "description": "Analyze a Twitter account", "command": "openclaw twitter analyze @username --metrics engagement,growth" }, { "action": "schedule_tweet", "description": "Schedule a tweet for later", "command": "openclaw twitter schedule 'My scheduled tweet' --time '2026-02-03 10:00'" }, { "action": "auto_reply", "description": "Set up auto-reply for mentions", "command": "openclaw twitter auto-reply --keywords 'support,help' --message 'Thanks for reaching out!'" }, { "action": "monitor_mentions", "description": "Monitor brand mentions in real-time", "command": "openclaw twitter monitor @brandname --alert-webhook https://hooks.example.com" }, { "action": "export_analytics", "description": "Export tweet analytics", "command": "openclaw twitter analytics --days 30 --format csv --output ~/twitter_stats.csv" }, { "action": "manage_followers", "description": "Follow users based on criteria", "command": "openclaw twitter follow --search '#devops' --min-followers 100 --limit 20" } ], "error_handling": { "rate_limit_exceeded": "Wait and retry with exponential backoff", "authentication_failed": "Check credentials in configuration file", "invalid_tweet": "Validate tweet length and media before posting", "network_error": "Retry with timeout increase", "api_deprecated": "Update to latest API version" }, "best_practices": [ "Always respect Twitter's rate limits and terms of service", "Store API credentials securely in environment variables or encrypted files", "Implement proper error handling and logging", "Use webhook notifications for important events", "Cache frequently accessed data to reduce API calls", "Validate tweet content before posting", "Monitor API usage to avoid hitting quotas", "Implement gradual ramping for automated actions", "Add delays between bulk operations to appear more human-like", "Regularly backup important tweet data and analytics" ], "security": { "credential_encryption": true, "api_key_rotation": "recommended", "oauth_token_refresh": "automatic", "sensitive_data_filtering": true, "audit_logging": true } }

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…