Twitter Listen Comment
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can post comments from your X/Twitter account automatically, which can affect your reputation, violate platform rules, or publish text you did not review.
The code automatically generates a reply and then calls the posting workflow before marking success, with no user approval gate shown between generation and public submission.
reply_text = generate_reply(config['agentTarget'], tweet, config.get('replyStyle') or {})
post_result = post_reply(config['agentTarget'], tweet, reply_text)
send_notice(config, '评论成功')
Add an explicit per-tweet confirmation or dry-run mode before posting, plus rate limits, allowlists, and an easy stop/disable mechanism.
The automation may act as whichever X account is logged into Chrome and uses a bearer token for API access, so a misconfigured profile or over-scoped token could cause unintended account activity.
The script sends TWITTER_TOKEN to the 6551 API and instructs the agent to use the authenticated Chrome profile for X/Twitter browser actions. This is account/session authority, not just local processing.
headers={'Authorization': f'Bearer {token}', 'Content-Type': 'application/json'}
...
'1. 必须使用 browser 工具,且 profile="chrome"。'
Use a dedicated browser profile and a dedicated low-privilege API token, declare the credential requirements in metadata, and clearly document which account will be used.
A watched tweet could steer the agent into generating or posting inappropriate content.
Untrusted tweet text is inserted into a reply-generation prompt, and the generated reply is then inserted into a second browser-control prompt. Without a review gate, hostile or manipulative tweet content could influence what gets posted.
f'推文正文:{tweet.get("text", "")}'
...
f'评论内容:{reply_text}'
Treat tweet text and generated replies as untrusted data: delimit them clearly, filter outputs, and require human approval before browser submission.
If left running, the skill may continue detecting tweets and attempting comments in the background terminal/session.
The continuous loop is disclosed and purpose-aligned, but it means the automation keeps polling and can keep posting until the user stops it.
while True:
    run_once(config_path)
    time.sleep(interval)
Run with --once for testing, monitor the process, and stop it when you no longer want automated posting.
The registry summary may understate what access and tools are needed before the skill works.
The registry metadata does not declare prerequisites that the provided SKILL.md and code require, including TWITTER_TOKEN, openclaw, and a logged-in Chrome session. The requirements are disclosed in the artifact text, so this is a metadata completeness issue rather than hidden behavior.
Required env vars: none
Primary credential: none
Required binaries (all must exist): none
Update metadata to declare TWITTER_TOKEN, openclaw, Chrome/Chrome Relay, and the account-session requirement.
