ClawHub

SurfAgent X Engagement

v1.3.0

Growth-oriented X engagement skill for SurfAgent, covering founder-style replies, community participation, audience-building loops, and proof-aware engagemen...

0· 64·0 current·0 all-time
by@surfagentapp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the runtime instructions: the SKILL.md is a playbook for human-like engagement on X and explicitly delegates actual reads/actions to an `x` adapter and `browser-operations`. It does not claim capabilities that would justify extra credentials or installs.
Instruction Scope
Instructions stay on-task (finding posts, deciding like/reply/quote, verifying actions). The skill directs the agent to perform actions via other adapter tools; it does not itself instruct reading unrelated files or contacting external endpoints. However, it grants the agent broad discretion to execute engagement actions via other skills, so the safety of actual actions depends on those adapter implementations and the permissions they have.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be downloaded or written to disk by this skill itself.
Credentials
This skill declares no env vars or credentials (proportionate). Important caveat: runtime use requires the `x` adapter or `browser-operations`, which may themselves require API keys, OAuth tokens, or browser session credentials. Those credentials are outside this skill but are necessary for the overall behavior—verify those adapters' requirements before granting access.
Persistence & Privilege
always is false and the skill does not request persistent system-wide presence or modify other skills' configs. The agent can invoke it (normal), but autonomous actions will depend on platform defaults and the permissions of the adapters it calls.
Assessment
This skill is a playbook and by itself is not requesting secrets or installing code, so it appears coherent. Before installing or enabling it for automated use: (1) inspect and trust the `x` adapter and `browser-operations` skills it calls—those components will need account credentials or browser sessions to act on your behalf; (2) limit tokens/permissions to only what's necessary (prefer scoped OAuth tokens rather than full-account credentials); (3) monitor activity logs and review posted replies to ensure behavior matches your brand voice; and (4) if you run multiple X accounts, confirm the agent will always verify and operate on the intended account to avoid accidental posting.

Like a lobster shell, security has layers — review code before you run it.

latestvk97em3nyknw4k0fy7s0ahx68t584khvc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis

Comments