Monitor X posts
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill appears coherent for scheduled X/Twitter monitoring, but it uses a local X API token and recurring agent cron jobs that users should set up deliberately.
Install only if you are comfortable providing an X API bearer token and allowing scheduled agent checks. Use a limited token, review the cron schedule, and delete or disable the local history and jobs when you no longer need monitoring.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to that local credentials file may be able to use the X API token and consume quota or access whatever the token permits.
The skill uses a local X API bearer token. This is expected for polling X, but it is a sensitive credential and the registry metadata declares no primary credential.
Save your X API credentials to `~/.openclaw/workspace/x-monitor/credentials.json` ... { "bearer_token": "YOUR_BEARER_TOKEN_HERE" }Use a least-privilege/read-only X API token if possible, protect the credentials file, and revoke the token when no longer needed.
Scheduled checks may continue to run and use API quota until the cron jobs are disabled or removed.
The skill can create recurring scheduled agent turns. This persistence is disclosed and purpose-aligned, but it means the agent may keep running checks after setup.
Create isolated cron jobs using `agentTurn` payloads ... Each job runs: fetch tweets → filter for noteworthy → deliver summary
Review the configured schedule before setup, keep `enabled` false when paused, and remove the cron jobs if you no longer want automated monitoring.
Tweets from monitored accounts will remain in a local history file and may be reused or reviewed later by the agent.
Fetched tweet text and metrics are stored locally as persistent history for up to 50 checks.
history_file = BASE_DIR / 'tweet_history.json' ... history["checks"].insert(0, check_entry) ... Keep only last 50 checks
Monitor only accounts you are comfortable storing locally, periodically delete `tweet_history.json` if desired, and treat tweet text as untrusted content.
The scripts may fail or rely on whatever local versions of Python libraries and tools are already installed.
The package still includes executable helper scripts, and the metadata does not declare their runtime dependencies. No remote install or hidden download is shown.
No install spec — this is an instruction-only skill.
Inspect the included scripts before running them and install any needed dependencies from trusted sources.