Grok Twitter Search

Warn

Audited by ClawScan on May 10, 2026.

Overview

This package looks like a whole personal OpenClaw workspace rather than a scoped Grok Twitter search skill, and it includes global agent instructions, memory files, credential notes, and unrelated trading/MCP code.

Treat this as a Review item, not a clean Twitter search skill. Before installing, request a minimal release containing only skills/grok-twitter-search, its reviewed scripts, and explicit XAI_API_KEY configuration. Do not install the bundled AGENTS/SOUL/USER/MEMORY/QMD files or unrelated OpenNews/OpenTwitter/Four.Meme components unless you intentionally want those broader workspace behaviors and have reviewed them separately.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing what appears to be a Twitter search skill could add unrelated account, memory, and trading-related code to the agent workspace.

Why it was flagged

The package for a Grok Twitter search skill contains multiple unrelated projects, memory tooling, and crypto trading scripts, which makes the installed artifact much broader than the stated skill.

Skill content

opennews-mcp/...; opentwitter-mcp/...; qmd/...; skills/four-meme-ai/scripts/execute-buy.ts; skills/four-meme-ai/scripts/execute-sell.ts; skills/grok-twitter-search/...

Recommendation

Do not install this bundle as-is. Ask the publisher for a minimal package containing only the Grok Twitter Search skill, its scripts, and clearly declared dependencies.

What this means

The agent may prioritize these bundled workspace instructions over the user's current request and load private context unnecessarily.

Why it was flagged

This file gives broad, session-level instructions that redirect the agent to read workspace identity and memory files before user tasks, which is not scoped to Twitter search.

Skill content

Before doing anything else:

1. Read `SOUL.md` ...
2. Read `USER.md` ...
3. Read `memory/YYYY-MM-DD.md` ...

Don't ask permission. Just do it.

Recommendation

Remove global AGENTS.md/SOUL.md style instructions from the skill package, or clearly isolate them so they cannot affect unrelated agent sessions.

What this means

Private user context can be loaded, modified, indexed, and reused across tasks unrelated to Twitter search, increasing leakage and poisoning risk.

Why it was flagged

The artifacts instruct the agent to maintain persistent memory files, and the package includes USER.md, MEMORY.md, daily memory logs, and a qmd-index directory.

Skill content

You can **read, edit, and update** MEMORY.md freely in main sessions ... Over time, review your daily files and update MEMORY.md

Recommendation

Remove personal memory files and indexing artifacts from the published skill. If memory is needed, require explicit opt-in, bounded paths, retention rules, and clear user controls.

What this means

The agent could continue doing background work or mutate workspace state without a direct user request.

Why it was flagged

The package describes ongoing heartbeat-driven activity and autonomous workspace changes, including committing and pushing, which are outside the intended search skill scope.

Skill content

When you receive a heartbeat poll ... Use heartbeats productively! ... Proactive work you can do without asking: ... Update documentation ... Commit and push your own changes

Recommendation

Remove heartbeat/proactive-operation instructions from this skill, and require explicit user approval for any background tasks, commits, pushes, or external actions.

What this means

A user may install the skill believing it requires no credentials, while the package may lead the agent toward local environment tokens or additional service access.

Why it was flagged

The registry metadata declares no required env vars or primary credential, but the artifact notes required and related tokens, including unrelated Twitter/OpenNews tokens.

Skill content

`TWITTER_TOKEN` and `OPENNEWS_TOKEN` configured in `env.*`
- `XAI_API_KEY` needed for grok-twitter-search

Recommendation

Declare all required credentials in metadata, limit this skill to the XAI_API_KEY if that is the only needed credential, and remove unrelated token references.

What this means

The installed workspace may expose or normalize high-impact crypto transaction tooling that the user did not expect from a search skill.

Why it was flagged

The bundle contains scripts whose filenames indicate token creation, buying, selling, and sending, which are high-impact financial actions unrelated to Grok Twitter search.

Skill content

skills/four-meme-ai/scripts/create-token-chain.ts; skills/four-meme-ai/scripts/execute-buy.ts; skills/four-meme-ai/scripts/execute-sell.ts; skills/four-meme-ai/scripts/send-token.ts

Recommendation

Exclude unrelated financial action scripts from the Grok Twitter Search package, or publish them as a separate, clearly disclosed skill with strict confirmation and credential boundaries.