ClawHub

Get X Articles

v1.0.0

Use when the user needs to interact with X (Twitter) — searching tweets, looking up users/followers, posting tweets/replies, liking, retweeting, following/un...

0· 45·0 current·0 all-time
by@xquik·duplicate of @xquik/get-user-tweets
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth tokenPosts externally
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description advertise X (Twitter) interactions and the skill only requires XQUIK_API_KEY (and an optional per-webhook secret). All declared external endpoints (xquik.com, docs.xquik.com, mcp) and tools are directly related to those capabilities.
Instruction Scope
SKILL.md instructs the agent to query Xquik docs, use the MCP tools (explore, xquik), and call documented REST endpoints. It does not instruct reading arbitrary system files, broad environment variables, or sending user data to unexpected third parties. Webhook examples use the optional XQUIK_WEBHOOK_SECRET and note secure handling.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by an installer, minimizing supply-chain risk.
Credentials
Only XQUIK_API_KEY (primary) is required, which is appropriate for an API client; XQUIK_WEBHOOK_SECRET is optional and correctly scoped to webhook handlers. No unrelated credentials or excessive env vars are requested.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or attempt to change other skills' configs. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
Assessment
This skill is an instruction-only integration for the Xquik API and appears internally consistent. Before installing: (1) only provide a scoped, revocable XQUIK_API_KEY (avoid using a primary/high-privilege account key), rotate keys periodically, and revoke if compromised; (2) if you use webhooks, store XQUIK_WEBHOOK_SECRET securely (env var or secrets manager) and follow the signature verification guidance in the docs; (3) be aware of metered costs and rate limits — the skill can trigger paid endpoints, so confirm write/payment actions when prompted and monitor your billing/credit usage; (4) verify the reputation of xquik.com if you don't already trust the provider; and (5) remember that while this skill has no local installer or code, an agent with the skill and your API key can make network calls on your behalf, so grant the minimum necessary privileges and enable audit logging where available.

Like a lobster shell, security has layers — review code before you run it.

latestvk971nn79a6gh52nfmg14jqdxhx84rc08

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

𝕏 Clawdis
EnvXQUIK_API_KEY
Primary envXQUIK_API_KEY

Comments