Twexapi CLI

v0.1.1

Use this skill when the task should be done through the twexapi command-line client, including installing the CLI, configuring app or profile auth, previewin...

⭐ 0· 149·0 current·0 all-time

by@yeahjjyy

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yeahjjyy/twexapi-cli.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Twexapi CLI" (yeahjjyy/twexapi-cli) from ClawHub.
Skill page: https://clawhub.ai/yeahjjyy/twexapi-cli
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install twexapi-cli

ClawHub CLI

Package manager switcher

npx clawhub@latest install twexapi-cli

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the included code and SKILL.md: this is a command-line client for twexapi endpoints, with support for saved app configs and profiles, dry-run previews, and both convenience commands and raw path requests. The code and instructions only request the API key, cookies, auth_token, and an optional config-dir/base-url — all relevant to the stated purpose.

✓

Instruction Scope

SKILL.md and the code limit actions to installing/running the CLI, building HTTP requests to the twexapi base URL, and reading/writing the CLI config (default ~/.twexapi/config.json). There are no instructions to scan unrelated system files, exfiltrate arbitrary data, or call unexpected external endpoints beyond the configured base URL. The CLI warns about paths that may contain the auth_token in URLs and recommends dry-run before write actions.

✓

Install Mechanism

No custom install spec is embedded; SKILL.md recommends installing the published npm package or running the local node entrypoint. This is a common, low-risk install pattern. Users should still verify the npm package's origin before installing globally.

ℹ

Credentials

The skill uses TWEXAPI_KEY, TWEXAPI_BASE_URL, and TWEXAPI_CONFIG_DIR (all relevant to a CLI that calls an API). Registry metadata did not declare required env vars, but the code and README document them. Important: saved app configs and profiles may store API keys, cookies, auth_token, and ct0 in plain JSON at ~/.twexapi/config.json (or a custom config-dir). This is expected for this tool but increases risk on shared machines or CI unless an isolated config-dir is used.

✓

Persistence & Privilege

The skill does persist its own config under a dedicated directory and will write config files (saveConfig). It does not request always:true, does not alter other skills, and does not require system-wide privileges. Use of an isolated --config-dir is supported and recommended for safer testing.

Assessment

This skill appears to do what it says: it's a CLI for twexapi and needs an API key and/or cookie/auth_token to make requests. Before installing: 1) Verify you trust the npm package/source (npm install -g runs third-party code). 2) Be aware that credentials (API key, cookies, auth_token, ct0) are stored as plain JSON by default at ~/.twexapi/config.json — use --config-dir or TWEXAPI_CONFIG_DIR to isolate or avoid leaving secrets on shared machines/CI. 3) Prefer --dry-run before performing write actions and avoid pasting long-lived tokens into shared logs. 4) If you need higher assurance, inspect the included source files (they're present here) or run the CLI from a local checkout rather than installing globally.

Like a lobster shell, security has layers — review code before you run it.

latestvk97773ap49a6ks74fpgqzwpem5836shk

149downloads

0stars

2versions

Updated 1mo ago

v0.1.1

MIT-0

twexapi-cli

Use this skill when the task should be completed by running twexapi commands instead of re-implementing request logic by hand.

Use this skill when

the user wants to install or run the twexapi CLI
the user wants to configure an API key, cookie, or auth_token
the user wants to test or inspect requests with --dry-run
the user wants to call supported twexapi commands for users, tweets, search, followers, following, lists, or follow actions
the user knows an endpoint path and wants to call it through the generic twexapi <path> form

Do not treat this skill as the main interface when the task is to edit the CLI source code itself.

Default approach

Confirm the CLI is available.
Make sure an app config or API key is available for read requests.
Make sure a saved profile or explicit cookie is available for write requests.
Prefer convenience commands first.
Fall back to twexapi <path> only when no convenience command fits.
Use --dry-run before real write actions unless the user explicitly asks to execute them.

Install and run

For normal users, prefer the published npm package:

npm install -g twexapi-cli
twexapi --help

When working from this repository:

node ./bin/twexapi.js --help

If a local executable is needed while developing:

npm link
twexapi --help

Requires Node.js 18 or newer.

Auth rules

API keys come from https://twexapi.io/dashboard.
For one-off commands, TWEXAPI_KEY or --api-key is acceptable.
The CLI also respects TWEXAPI_BASE_URL and TWEXAPI_CONFIG_DIR.
For repeated usage, prefer saved app configs with auth apps add.
For write actions, require either --cookie or a saved profile.
If a write action is requested without a usable profile or cookie, stop and ask for auth details instead of guessing.
By default the CLI reads and writes persistent config in ~/.twexapi/config.json.
Saved app configs may include API keys, and saved profiles may include cookies, auth_token, or ct0 in plain JSON.
On shared machines or CI, prefer --config-dir or TWEXAPI_CONFIG_DIR to isolate credentials.

App setup:

twexapi auth apps add --name prod --api-key "twitterx_..."
twexapi auth apps use prod

Profile setup from cookie:

twexapi auth profiles add --name founder --cookie "ct0=...; auth_token=..."
twexapi auth profiles use founder

Profile setup from auth token:

twexapi auth cookie --auth-token "your_auth_token" --save-as founder

Inspect config:

twexapi config show
twexapi config path

Command selection

Prefer convenience commands such as:

twexapi --app prod about elonmusk
twexapi --app prod users elonmusk sama
twexapi --app prod search users "openai" --count 20
twexapi --app prod tweet lookup 1900000000000000000

Use the generic path form when the endpoint is known but not wrapped:

twexapi /twitter/elonmusk/about
twexapi -X POST -d '["elonmusk","sama"]' /twitter/users

Safety and execution rules

Put global options such as --app, --profile, --api-key, and --dry-run before the command.
For write actions like tweet create, tweet like, user follow, and list create, prefer --dry-run first.
Only send the real write request after the user clearly wants execution.
The CLI masks secrets in config output and dry-run previews, but still avoid echoing raw credentials back to the user.
auth cookie uses a request path that contains the auth_token, so be careful with logs and traces.
Local media file upload is not implemented; tweet creation supports --media-url.
DM commands are not included.

Recommended test flow

Use an isolated config directory for local testing:

twexapi --config-dir ./.twexapi-local config show

Recommended order:

Verify the CLI starts with twexapi --help or node ./bin/twexapi.js --help.
Verify a read command such as about or users.
Verify a raw-path request if needed.
Verify write-command request construction with --dry-run before any real write action.

Comments

Loading comments...