ClawHub

the skill to browse X

v1.0.0

X/Twitter CLI using OpenClaw browser tool. Use when the user wants to interact with X/Twitter: reading timeline, posting tweets, liking, retweeting, replying...

1· 367·1 current·1 all-time
byWilliam Xu@coding-commits
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md tells the agent to drive the OpenClaw browser to view or interact with X. It does not request unrelated credentials, binaries, or installs. The only implicit requirement is an OpenClaw browser profile (and Xvfb for headless servers), which is appropriate for a browser-based tool.
Instruction Scope
Instructions are narrowly scoped to opening X URLs, taking snapshots, finding element refs, clicking, typing, and similar UI interactions. They do not instruct the agent to read arbitrary files, environment variables, or send data to endpoints other than X. Write actions require an authenticated browser session and the docs explicitly advise confirming content before posting.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is downloaded or written to disk by the skill itself. This is the lowest-risk install profile.
Credentials
The skill requires a logged-in OpenClaw browser profile to perform write actions (cookies/session act as the credential). While this is proportionate to the stated functionality, it effectively grants the agent the ability to act as the logged-in user if invoked, so session/cookie exposure is the primary credential-related risk.
Persistence & Privilege
always is false (normal). The skill can be invoked autonomously by the agent (platform default). Combined with access to a logged-in browser profile, autonomous invocation could perform account actions (post/like/follow) without explicit human approval unless the agent or platform enforces confirmation.
Assessment
This skill is coherent and low-risk from a static/install perspective because it's instruction-only and asks for no extra secrets. The main operational risk is that it uses your OpenClaw browser profile (cookies/session) to perform write actions on your X account. Before installing or using it: (1) only grant it an isolated browser profile if you want to limit access to your real account; (2) require manual confirmation or disable autonomous agent actions for any write operation (posting/liking/following); (3) be aware that in headless environments Xvfb and DISPLAY settings are needed; (4) note the skill source is unknown—if you need provenance, ask the publisher for more info. If you do not want an agent to act on your logged-in X session, do not provide a logged-in profile or restrict invocation to manual only.

Like a lobster shell, security has layers — review code before you run it.

latestvk972des6fnrn9jpnzerbrvq8v581zn9d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments