ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

X Search (Grok API)

v1.0.0

Search X (Twitter) for account posts, trending topics, or topic discussions using Grok API. Outputs Obsidian-ready Markdown.

0· 88·0 current·0 all-time
by@wangyue55

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wangyue55/x-search-grok.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "X Search (Grok API)" (wangyue55/x-search-grok) from ClawHub.
Skill page: https://clawhub.ai/wangyue55/x-search-grok
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install x-search-grok

ClawHub CLI

Package manager switcher

npx clawhub@latest install x-search-grok
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The code and SKILL.md are consistent with the stated purpose: they call the xAI/Grok responses endpoint to produce structured X/Twitter search summaries and save them as Markdown. However, the registry metadata claims no required env vars or installs while the SKILL.md and code clearly require XAI_API_KEY (and optionally XAI_MODEL) and Python packages (requests, pyyaml). That mismatch between declared metadata and actual requirements is an incoherence.
Instruction Scope
Runtime instructions and scripts stay within the stated purpose: they build prompts for the Grok API, parse structured output, and optionally save results to user-specified files. The watchlist script runs the local search script via subprocess; files are written only to paths the user supplies or their home directories. There are no instructions to read unrelated system files, other credentials, or to transmit data to unexpected endpoints beyond api.x.ai.
Install Mechanism
This is effectively an instruction-only skill (no complex installer). The SKILL.md recommends installing 'requests' and 'pyyaml' via pip; there is no registry install specification. The included code uses only standard Python plus requests/pyyaml and does not download arbitrary executables or archives. The mismatch between declared install spec (none) and SKILL.md is the main issue, but the install mechanism itself is low-risk.
Credentials
The code requires a single service credential (XAI_API_KEY) and optionally XAI_MODEL; these are proportional to calling the x.ai API. The problem: the registry metadata reported 'Required env vars: none' while SKILL.md and code require XAI_API_KEY. No other unrelated credentials are requested. Ensure XAI_API_KEY is the only secret you provide and that you trust the x.ai endpoint.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide configs. It writes output files to user-specified paths and can be scheduled via OpenClaw cron as documented; that is expected for a monitoring/watchlist tool. Scheduling does increase blast radius if you place credentials in environment variables accessible to scheduled jobs — follow least privilege practices.
What to consider before installing
This skill mostly does what it says: it calls api.x.ai to produce structured summaries of X/Twitter content and saves Obsidian-friendly Markdown. Before installing: 1) Confirm the XAI API key requirement — registry metadata omitted XAI_API_KEY but the code will exit if it is not set. 2) Verify the SKILL.md GitHub source (https://github.com/wangyue55/x-search-skill) and review the full code if you don't trust it. 3) Only provide XAI_API_KEY (and optionally XAI_MODEL) — do not pass other secrets. 4) Be cautious when scheduling runs: scheduled jobs will have access to any environment variables available to the scheduler, so avoid exposing other credentials. 5) If you need stronger assurance, ask the author to correct the registry metadata to declare required env vars and pip deps, or run the scripts in an isolated sandbox first.

Like a lobster shell, security has layers — review code before you run it.

latestvk979cn0c0xsnkf5wdtghx0dzy983t59v
88downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@wangyue55
latest
Download

X Search

Search X (Twitter) via Grok API. Outputs Obsidian-ready Markdown.

Prerequisites

Ensure XAI_API_KEY is set:

export XAI_API_KEY=your_key_here

Get your API key at x.ai/api (xAI developer console).

Default model is grok-4-1-fast-reasoning. To override:

export XAI_MODEL=grok-4

Install dependency if needed:

pip install requests

Invocation

Slash Command

/x-search account @elonmusk --time 24h
/x-search account @user1 @user2 --time 48h
/x-search account @sama --count 10
/x-search --lang en account @elonmusk --count 5
/x-search trends "#AI" "#LLM"
/x-search --lang en trends "#AI" "#crypto"
/x-search topic "Claude MCP"
/x-search --lang ja topic "AI規制"

--lang controls the language of summaries, keyword explanations, and translations (default: zh). When --lang en, the translation field is omitted since the original is already in English.

--output saves the result to a Markdown file (stdout is preserved):

  • Pass a directory → auto-named file: karpathy-2026-03-22.md, trends-AI-2026-03-22.md, etc.
  • Pass a full path → saved directly to that path
  • Same-day runs overwrite the existing file (no duplicate accumulation)

--progress-only suppresses full Markdown on stdout — prints one summary line instead. Use with --output in automated pipelines (watchlist, cron) to avoid injecting large outputs into the agent context.

Natural Language

  • "Search X for @elonmusk's posts in the last 24 hours"
  • "X上搜索@sama和@elonmusk最新的10条推文"
  • "Find trending posts about #AI on X in English"
  • "X上关于Claude MCP的热点讨论"

How to Run

Find the script at ~/.claude/skills/x-search/x_search.py (or the symlinked path).

# Account mode — by time range
python3 ~/.claude/skills/x-search/x_search.py account @elonmusk --time 24h

# Account mode — by post count
python3 ~/.claude/skills/x-search/x_search.py account @user1 @user2 --count 10

# Trends mode — top 10 posts per trend
python3 ~/.claude/skills/x-search/x_search.py trends "#AI" "#LLM"

# Topic mode — hot discussions
python3 ~/.claude/skills/x-search/x_search.py topic "Claude MCP"

Output

Results are printed as Obsidian-ready Markdown.

Context efficiency: When results are large (multiple accounts, long time ranges) or when --output is provided, save to file and show only a brief summary to the user (e.g., "Found 12 posts from @karpathy, saved to ~/obsidian/X/karpathy-2026-03-22.md"). Only present the full content inline when the result is short or the user explicitly asks to see it.

For account mode, after showing results (or summary) ask:

"是否保存到文件?(例如:~/obsidian/X/@elonmusk-2026-03-22.md)"

If the user provides a path, run again with --output <path>.

Watchlist

Run all your monitored accounts, trends, and topics in one command via watchlist.py.

Setup

Copy the sample config and edit it:

cp ~/.claude/skills/x-search/watchlist.yaml ~/.x-search.yaml

# ~/.x-search.yaml
accounts:
  - "@karpathy"
  - "@elonmusk"

trends:
  - "#AI"
  - "#LLM"

topics:
  - "Claude MCP"
  - "crude oil price"

Note: all accounts share the same execution parameters. For per-account customization, call x_search.py directly.

Usage

# Run everything
python3 ~/.claude/skills/x-search/watchlist.py --time 24h --lang zh --output ~/obsidian/X/

# Run one section only
python3 ~/.claude/skills/x-search/watchlist.py --only accounts --time 24h --output ~/obsidian/X/

# Custom config path
python3 ~/.claude/skills/x-search/watchlist.py --config ~/work-watchlist.yaml --time 24h

Scheduled Use (OpenClaw)

See OPENCLAW.md for full scheduling documentation — schedule formats, cron scenarios, delivery channels, and job management.

Error Handling

  • XAI_API_KEY not set: Tell the user to run export XAI_API_KEY=your_key
  • No results: Inform the user and suggest broadening the time range or checking the account name
  • API error: Show the error message and suggest checking the API key validity

Comments

Loading comments...