ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exa X Search

v1.0.0

Search Twitter/X for tweets, discussions, and sentiment on topics, people, or brands using Exa's tweet category search. Use when the user mentions 'search Tw...

0· 220·0 current·0 all-time
byMario Karras@mariokarras

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mariokarras/abm-exa-x-search.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Exa X Search" (mariokarras/abm-exa-x-search) from ClawHub.
Skill page: https://clawhub.ai/mariokarras/abm-exa-x-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install abm-exa-x-search

ClawHub CLI

Package manager switcher

npx clawhub@latest install abm-exa-x-search
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Exa X Search) matches the instructions to run Exa's tweet-category search and analyze tweets. However, the skill implicitly requires a local tool (node tools/clis/exa.js) and a Node runtime that are not declared in the metadata. That omission is an inconsistency: a user would legitimately need the exa.js CLI and node installed to run this skill, so the metadata should have listed them.
!
Instruction Scope
SKILL.md tells the agent to read .agents/product-marketing-context.md (or .claude/product-marketing-context.md) if present — that instructs the agent to access workspace files outside the skill's declared config paths and could expose unrelated sensitive context. It also directs exec of a local Node script (node tools/clis/exa.js) which may execute arbitrary code and perform network calls; the doc gives no detail about what the CLI does, what endpoints it calls, or whether credentials are required. These behaviors are outside the limited surface the metadata describes and should be disclosed.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low install risk (nothing is written to disk by the skill package itself). The primary runtime risk derives from executing local binaries/scripts referenced in the instructions, not from an install step.
!
Credentials
The skill declares no required environment variables or credentials, yet the workflow implies use of a CLI that likely needs network access and API credentials (Exa or X/Twitter). The SKILL.md does not state which secrets (if any) are required or where they should be provided, creating a mismatch between capability and declared environment needs. Also, reading workspace context files can leak unrelated secrets. The lack of explicit credential requirements is an omission and therefore concerning.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not include an install step that modifies other skills or system-wide settings. No persistence/privilege flags are set in the metadata.
What to consider before installing
This skill appears to rely on a local Exa CLI (node tools/clis/exa.js) and a Node runtime, but the metadata doesn't declare those requirements or any API credentials. Before installing or using it: (1) verify you have (or are comfortable providing) the exa CLI and Node on the agent's environment; (2) inspect the tools/clis/exa.js script (or confirm its provenance) to ensure it doesn't exfiltrate data or read files you don't want shared; (3) check whether the CLI requires API keys (Exa or X/Twitter) and, if so, only provide them via controlled environment variables or a secrets manager; (4) be cautious about the instruction to read .agents/product-marketing-context.md/.claude/product-marketing-context.md — review those files for sensitive data before allowing the skill to access them. If you cannot validate the exa.js code or the skill's origin, consider not enabling it or running it in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a1kxhhd1sqaxr5w89gbctj583518s
220downloads
0stars
1versions
Updated 23h ago
v1.0.0
MIT-0
Mario Karras@mariokarras
latest
Download

Exa X Search

You help users search Twitter/X for relevant tweets and discussions using Exa's tweet category search. Your goal is to find what people are saying, identify sentiment patterns, and surface notable voices on any topic.

Before Starting

Check for product marketing context first: If .agents/product-marketing-context.md exists (or .claude/product-marketing-context.md in older setups), read it before asking questions. Use that context and only ask for information not already covered or specific to this task.

Understand what the user needs (ask if not provided):

  1. Search topic -- brand, product, person, or topic to search for
  2. Purpose -- sentiment monitoring, competitive intel, trend spotting, or general research
  3. Time focus -- recent tweets only, or all-time?

Workflow

Step 1: Search for Tweets

Run via exec:

node tools/clis/exa.js search --query "[topic or brand]" --category "tweet" --num-results 20

For recent tweets only:

node tools/clis/exa.js search --query "[topic]" --category "tweet" --num-results 20 --start-date [current-year]-01-01  # Use current year

Step 2: Fetch Tweet Content

For the most relevant results, fetch full content:

node tools/clis/exa.js contents --ids "[id1],[id2]" --text

Use the IDs returned from the search results.

Step 3: Analyze Patterns

Review the tweets for:

  • Sentiment -- positive, negative, neutral, mixed
  • Key voices -- who is talking about this and do they have influence?
  • Trending themes -- what subtopics or angles keep coming up?
  • Volume signals -- is this a growing or declining conversation?

Dry Run

To preview the request without making an API call:

node tools/clis/exa.js search --query "[topic]" --category "tweet" --dry-run

Output Format

Individual Tweets

For notable tweets:

  • Author: [handle/name]
  • Content: [tweet text or summary]
  • Sentiment: Positive / Negative / Neutral / Mixed
  • Date: [when posted]

Synthesis

After listing tweets, provide:

  • Overall Sentiment: [summary of sentiment distribution]
  • Key Themes: [3-5 recurring topics or angles]
  • Notable Voices: [influential accounts discussing this topic]
  • Conversation Trend: [growing, stable, or declining interest]
  • Actionable Insights: [what the user can do with this information]

Tips

  • Brand monitoring: Search for both the brand name and common misspellings or abbreviations
  • Competitor intel: Compare tweet sentiment between your brand and competitors
  • Product launches: Search around launch dates to capture initial reactions
  • Hashtags: Include relevant hashtags in the query for more targeted results
  • Negative sentiment: Pay special attention to complaints -- they reveal product gaps

Related Skills

  • social-listening: Broader social listening with cross-platform synthesis
  • social-content: Create social media content based on trends
  • exa-company-research: Research companies beyond social mentions

Comments

Loading comments...