ClawHub

X/Twitter All-in-One: 30+ APIs, OAuth Post, One Key

v1.0.6

Searches and reads X (Twitter): profiles, timelines, mentions, followers, tweet search, trends, lists, communities, and Spaces. Publishes posts after the use...

1· 1.4k·1 current·1 all-time
by@bowen-dotcom·duplicate of @0xjordansg-yolo/openclaw-twitter
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim read/search/post capabilities on X/Twitter. The packaged Python clients and SKILL.md consistently call https://api.aisa.one endpoints and implement read APIs and an OAuth posting relay, so required binaries (python3, curl) and the single AISA_API_KEY credential are appropriate for the declared functionality.
Instruction Scope
Runtime instructions and references direct the agent to call the AIsa API and, for posting, to read local workspace media files and upload them to the relay. This is within the posting purpose, but it means user media and post content are transmitted to a remote service (api.aisa.one). The oauth client can also open the browser for authorization and reads optional env vars (e.g., TWITTER_RELAY_BASE_URL) not listed in requires.env.
Install Mechanism
No install spec (instruction-only) and included scripts are local Python files — nothing is downloaded at install time. This is a low-risk install mechanism; no external installers or arbitrary URL downloads are used.
Credentials
The skill only requires AISA_API_KEY (declared as primaryEnv), which matches the code that uses a Bearer key for api.aisa.one. The oauth client reads optional environment values (TWITTER_RELAY_BASE_URL, TWITTER_RELAY_TIMEOUT) that are reasonable defaults but are not strictly required; no unrelated secrets are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. It runs on demand (user-invocable) and can be invoked autonomously per platform defaults; that is normal and not by itself a red flag.
Assessment
This skill appears internally consistent: it uses a single AISA_API_KEY to call api.aisa.one for reading Twitter/X data and for OAuth-based posting. Before installing, verify you trust the aisa.one / api.aisa.one service because any media files or post content will be uploaded to that relay for publishing. Check the scope and revocation process for the AISA_API_KEY you provide, avoid using sensitive or private files, and review the README/references for authorization flow details. If you need to limit autonomous use, consider controlling whether the agent can invoke the skill automatically in your environment (the skill is user-invocable and may be called by agents by default).

Like a lobster shell, security has layers — review code before you run it.

latestvk9711bgnxb2as0a0gsd6hc5svd83zwfm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐦 Clawdis
Binscurl, python3
EnvAISA_API_KEY
Primary envAISA_API_KEY

Comments