Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wip Xai X Private

X Platform API. Read posts, search tweets, get bookmarks, post tweets, upload media.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 current installs · 0 all-time installs
by Parker Todd Brooks (@parkertoddbrooks)
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement an X Platform API wrapper (read + write, search, bookmarks, media upload) which aligns with the name/description. However the registry metadata claims no required environment variables while SKILL.md and the code clearly expect X_BEARER_TOKEN / X_API_KEY / X_API_SECRET / X_ACCESS_TOKEN / X_ACCESS_TOKEN_SECRET (and optional X_OP_VAULT/X_OP_ITEM). That metadata mismatch is incoherent and should be corrected.
Instruction Scope
SKILL.md and auth.mjs instruct the agent to resolve credentials via environment variables or by invoking the 1Password CLI. The code uses child_process.execSync('op read ...') to pull fields from 1Password and uses readFileSync(file_path) to load files for upload. Reading secrets from 1Password and reading arbitrary local file paths (then uploading them to X) are within the stated feature set, but they are sensitive actions and expand the runtime scope beyond simple API calls.
Install Mechanism
This is instruction- and code-based (no download install spec). Package.json lists normal npm dependencies (@xdevplatform/xdk, @modelcontextprotocol/sdk). There is no remote archive download or obscure install URL. Risk from install mechanism itself is low.
Credentials
The credentials requested (bearer token and full OAuth 1.0a tokens) are appropriate for a Twitter/X wrapper. However the registry metadata does not declare these required env vars while SKILL.md and auth.mjs do, and auth.mjs also reads X_OP_VAULT/X_OP_ITEM (1Password configuration) not declared in metadata. The code also runs the 'op' CLI which will read secrets from the user's 1Password; lack of explicit declaration in the registry is a red flag for transparency.
Persistence & Privilege
The skill is not marked always:true and does not change other skills' configs. It exposes an MCP stdio server which registers tools the agent can call; combined with the ability to upload arbitrary local files, that creates an elevated exfiltration risk if the agent is allowed to invoke the skill autonomously. Autonomous invocation alone is normal but should be considered in light of the file-read + external upload capability.
What to consider before installing
This repo mostly does what it says (X API wrapper), but pay attention to three things before installing:

1) Metadata mismatch. The registry claims no required env vars, but the skill expects X_BEARER_TOKEN and/or the full OAuth 1.0a tokens (and optionally X_OP_VAULT/X_OP_ITEM). Ask the publisher to declare these explicitly.

2) auth.mjs runs the 1Password CLI via execSync to read secrets. That executes a shell command in your environment to access vault items. If you prefer, provide credentials via environment variables instead, and make sure the op CLI is either not on the PATH the skill runs with or is signed in only to a vault that holds nothing but the X credentials.

3) upload_media reads local files by path (readFileSync) and uploads their contents to X. Do not run the skill in contexts where it can reach sensitive files, and be cautious about allowing autonomous agent invocation of the MCP tools: an agent could call upload_media to exfiltrate files.

Recommended actions: review and verify the code yourself, ensure the registry metadata is corrected, run the skill in a least-privileged environment, and avoid granting it access to secrets or sensitive filesystem paths unless you trust the author and have validated the code.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

auth.mjs:19: Shell command execution detected (child_process).


Current version: v1.0.4 (latest: vk9760z93msratvm413y799e0ys831w0k)


SKILL.md

wip-xai-x

X Platform API. Sensor (read) + Actuator (write). All X Platform functions in one tool.

When to Use This Skill

Sensor: Read

Use fetch_post for:

  • Getting the full content of a specific tweet by URL or ID
  • Reading replies, quotes, engagement metrics
  • Extracting tweet data for processing

Use search_recent for:

  • Finding tweets matching a query (last 7 days)
  • Searching by hashtags, mentions, or keywords
  • Getting raw tweet data (not AI-summarized... use wip-xai-grok search_x for that)

Use get_bookmarks for:

  • Reading the user's bookmarked tweets
  • Reviewing saved content

Use get_user for:

  • Looking up a user's profile, bio, follower count
  • Checking if an account exists

Actuator: Write

Use post_tweet for:

  • Posting new tweets
  • Replying to existing tweets
  • Quote-tweeting with commentary
  • Posting with images or video (upload first)

Use upload_media for:

  • Uploading images (PNG, JPG, GIF, WebP)
  • Uploading video (MP4)
  • Getting media IDs for use in post_tweet

Use delete_tweet for:

  • Removing a previously posted tweet

Use bookmark_post for:

  • Saving a tweet for later

Do NOT Use For

  • AI-powered search summarization (use wip-xai-grok search_web or search_x instead)
  • Image generation (use wip-xai-grok generate_image)
  • Video generation (use wip-xai-grok generate_video)
  • Trending topic analysis (use wip-xai-grok search_x for AI-summarized trends)

API Reference

fetch_post(options)

const result = await fetch_post({ id_or_url: 'https://x.com/user/status/123' });
// result: { data, includes, errors }

Options: id_or_url (required). Accepts tweet ID or full URL.

search_recent(options)

const result = await search_recent({ query: 'AI agents', max_results: 20 });
// result: { data, includes, meta, errors }

Options: query (required), max_results (10-100), start_time, end_time, sort_order

get_bookmarks(options)

const result = await get_bookmarks({ max_results: 20 });

Options: max_results, pagination_token. Requires OAuth.

get_user(options)

const result = await get_user({ username_or_id: 'parkertoddbrooks' });

Options: username_or_id (required). Accepts username (with or without @) or numeric ID.

post_tweet(options)

const result = await post_tweet({ text: 'Hello world', reply_to: '123', media_ids: ['456'] });
// result: { data: { id, text }, errors }

Options: text (required), reply_to, media_ids, quote_tweet_id. Requires OAuth.

upload_media(options)

const result = await upload_media({ file_path: './photo.jpg' });
// result: { data: { id }, errors }

Options: file_path (required), media_type (auto-detected), media_data (base64 alternative)

delete_tweet(options)

const result = await delete_tweet({ id: '123456' });

Options: id (required). Requires OAuth.

Troubleshooting

"X Platform API credentials not found"

Set X_BEARER_TOKEN for read-only, or all four OAuth tokens for read+write. 1Password: vault "Agent Secrets", item "X Platform API".

"Could not resolve authenticated user ID"

Bookmarks and write operations need OAuth 1.0a (all four tokens), not just bearer token.
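The two troubleshooting entries above describe one decision: which credentials are present and whether they cover the requested operation. The block below is an added example, not the skill's auth.mjs: it resolves credentials in the order SKILL.md gives (environment variables first, then the 1Password item named by X_OP_VAULT and X_OP_ITEM), and when it does call `op` it uses execFileSync with an argument array so that the vault and item names never pass through a shell. The function names, the allowed character set for vault/item names, the injectable reader and the assumption that the 1Password item's field names equal the environment variable names are this example's, not the project's.

```javascript
// Added example, not the skill's auth.mjs. Resolves X credentials (env first, then
// 1Password via X_OP_VAULT/X_OP_ITEM), decides which auth mode an operation needs,
// and calls `op` without a shell. Names and the field-name assumption are this example's.
const BEARER_VAR = 'X_BEARER_TOKEN';
const OAUTH_VARS = ['X_API_KEY', 'X_API_SECRET', 'X_ACCESS_TOKEN', 'X_ACCESS_TOKEN_SECRET'];
const OP_NAME = /^[A-Za-z0-9 ._-]{1,64}$/; // plain vault/item names only
const NEEDS_OAUTH = new Set(['get_bookmarks', 'bookmark_post', 'post_tweet', 'upload_media', 'delete_tweet']);

// Real reader: `op read --no-newline op://<vault>/<item>/<field>`. Argument array,
// no string interpolation into a command line. Only used when nothing is in the env.
function readFromOp(ref) {
  const { execFileSync } = require('node:child_process');
  return execFileSync('op', ['read', '--no-newline', ref], { encoding: 'utf8', stdio: ['ignore', 'pipe', 'pipe'] });
}

function resolveCredentials(env, readOp = readFromOp) {
  const fromEnv = (k) => (env[k] ? String(env[k]).trim() : '') || undefined;
  const creds = { [BEARER_VAR]: fromEnv(BEARER_VAR) };
  for (const k of OAUTH_VARS) creds[k] = fromEnv(k);
  const complete = (c) => Boolean(c[BEARER_VAR]) || OAUTH_VARS.every((k) => c[k]);
  let source = 'env';
  if (!complete(creds)) {
    const vault = fromEnv('X_OP_VAULT');
    const item = fromEnv('X_OP_ITEM');
    if (!vault || !item) throw new Error('X Platform API credentials not found');
    if (!OP_NAME.test(vault) || !OP_NAME.test(item)) throw new Error('refusing unsafe 1Password vault/item name');
    source = 'op';
    for (const k of [BEARER_VAR, ...OAUTH_VARS]) {
      if (creds[k]) continue; // never overwrite an explicit env value
      try {
        creds[k] = readOp(`op://${vault}/${item}/${k}`).trim() || undefined;
      } catch {
        creds[k] = undefined; // missing field: fall through to the completeness check
      }
    }
    if (!complete(creds)) throw new Error('X Platform API credentials not found');
  }
  const oauth = OAUTH_VARS.every((k) => creds[k]) ? Object.fromEntries(OAUTH_VARS.map((k) => [k, creds[k]])) : null;
  return { bearer: creds[BEARER_VAR] || null, oauth, source };
}

// Which mode a tool call needs; mirrors the two troubleshooting entries above.
function authModeFor(operation, creds) {
  if (creds.oauth) return 'oauth1'; // user context covers read and write
  if (NEEDS_OAUTH.has(operation)) {
    throw new Error(`${operation} requires OAuth 1.0a (all four tokens), not just ${BEARER_VAR}`);
  }
  if (creds.bearer) return 'bearer';
  throw new Error('X Platform API credentials not found');
}
```

The name check is what keeps the 1Password fallback from becoming a command-injection path: even with an argument array, constraining X_OP_VAULT and X_OP_ITEM to plain names means a value set by something other than the user cannot redirect the read to an unrelated item.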

403 Forbidden on post/delete

Your app needs "Read and Write" permissions in the X Developer Portal. Check at https://developer.x.com/en/portal/dashboard

Rate limits

X API v2 has per-endpoint rate limits. The SDK handles rate limit headers automatically. If you hit limits, back off and retry.
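"Back off and retry" is underspecified when the API already tells you when the window resets. The block below is an added example, not the SDK's built-in handling: on a 429 it waits until the epoch second in x-rate-limit-reset, on a 5xx it uses capped exponential backoff with jitter, and on any other status it stops. The wait decision is a pure function so it can be checked offline; `send`, `sleep`, `now` and `random` are injected, and header names are assumed to be lowercased as fetch's Headers object reports them. Function names are this example's.

```javascript
// Added example, not the @xdevplatform/xdk SDK's own handling: a retry policy for
// X API v2 rate limiting. Header names assumed lowercase; function names assumed.
function nextWaitMs(res, attempt, { maxAttempts = 4, now = () => Date.now(), random = Math.random } = {}) {
  const retryable = res.status === 429 || res.status >= 500;
  if (!retryable || attempt >= maxAttempts) return null; // null: do not retry
  const reset = Number(res.headers && res.headers['x-rate-limit-reset']);
  if (res.status === 429 && Number.isFinite(reset) && reset > 0) {
    // x-rate-limit-reset is epoch seconds: wait out the window plus a one-second margin
    return Math.max(0, reset * 1000 - now()) + 1000;
  }
  const base = Math.min(30000, 1000 * 2 ** (attempt - 1)); // 1s, 2s, 4s ... capped at 30s
  return Math.round(base * (0.5 + random()));              // 0.5x..1.5x jitter
}

// Drives `send` (a function returning a promise of { status, headers }) until the
// policy says stop. Returns the final response plus the waits taken, for logging.
async function withRateLimitRetry(send, opts = {}) {
  const sleep = opts.sleep || ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
  const waits = [];
  for (let attempt = 1; ; attempt++) {
    const res = await send(attempt);
    const wait = nextWaitMs(res, attempt, opts);
    if (wait === null) {
      if (res.status === 429 || res.status >= 500) {
        const err = new Error(`gave up after ${attempt} attempts (last status ${res.status})`);
        err.waits = waits;
        throw err;
      }
      return { res, attempts: attempt, waits };
    }
    waits.push(wait);
    await sleep(wait);
  }
}
```

Stopping on 401 and 403 rather than retrying matters here: a 403 on post or delete is the permissions problem described in the entry above, and retrying it only burns quota.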

Files: 13 total
