readx
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherently focused on Twitter/X analysis, but it relies on a readx API key, remote readx.cc services, and optional local credential/config changes.
Before installing, verify you trust readx.cc, use a revocable API key, store it only in a secure environment variable or config file, and set limits for broad or parallel analyses if API credits matter.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the key is exposed through config, logs, screenshots, or chat output, someone else could use the user's readx account or credits.
The skill requires a readx API key and places it in the remote MCP server URL, so the credential grants service access and must be handled carefully.
requires:\n env: ["READX_API_KEY"] ... MCP server URL: `https://readx.cc/mcp?apikey=<API_KEY>`
Use a dedicated, revocable readx API key; avoid sharing MCP config files publicly; rotate the key if it may have been exposed.
The agent may run local curl commands to readx.cc as part of normal use.
The skill allows local shell execution for curl-based API calls when MCP tools are unavailable. This is disclosed and aligned with the API integration.
When MCP tools are NOT available ... call the API directly using curl via Bash.
Keep direct API mode limited to readx.cc endpoints and review any shell command before running it if it includes credentials or writes files.
Broad analysis requests may use more readx credits or produce higher-volume remote API activity than expected.
The skill encourages multiple parallel API/tool calls, which is coherent for analysis but can consume credits or hit rate limits faster.
Use parallel tool calls aggressively — after resolving user_id, fire all timeline/follower calls at once.
For large analyses, ask the agent to check credit balance first or limit the number of users, timelines, followers, or pages retrieved.
Behavior may change if the remote documentation changes, even though it remains within the readx.cc service boundary shown in the artifacts.
The skill depends on a remote, mutable API documentation file for endpoint details rather than bundled/pinned local reference material.
Fetch the full API docs ... `curl -s https://readx.cc/api-docs.txt` ... Read this document before making your first API call.
Use the official readx.cc domain only, and review remote API documentation if commands or endpoints look unexpected.