X Twitter
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your X API token to make read-oriented API requests, which may consume rate limits or paid API quota.
The skill requires an X/Twitter bearer token. This credential use is clearly disclosed and directly aligned with accessing the X API.
metadata: { "openclaw": { "emoji": "𝕏", "requires": { "bins": ["python3"] }, "env": ["X_BEARER_TOKEN"], "primaryEnv": "X_BEARER_TOKEN" } }Use a token scoped appropriately for read-only API access when possible, and monitor X API usage or billing limits.
Queries and requested tweet IDs or trend locations are sent to X's API as part of normal operation.
The script makes external API requests using user-provided search parameters. This is expected for a Twitter/X search client and is not account-mutating.
response = requests.get(url, headers=self.headers, params=params)
Avoid entering sensitive private information as search queries unless you are comfortable sending it to X.
If requests is not already installed, the user may need to install it separately, and should use a trusted package source.
The scripts depend on the external Python requests package, but the artifact set has no install spec or pinned dependency file. There is no automatic install behavior shown.
import requests
Install dependencies from a trusted Python package index and prefer pinned versions in controlled environments.