Skill X Post Ai Image

ReviewAudited by ClawScan on May 10, 2026.

Overview

The skill appears to do what it advertises, but it can publish to an X/Twitter account using OAuth credentials and relies on an external image-generation helper.

Install this only if you are comfortable giving the environment X/Twitter OAuth tokens and a Gemini API key. Review the exact tweet text and image prompt before invocation, verify the external nano-banana-pro helper, and prefer dedicated credentials or a test account for automation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI03: Identity and Privilege Abuse

What this means

If invoked, the skill can use the configured X/Twitter credentials to upload media and post from the account.

Why it was flagged

The script reads X/Twitter OAuth credentials from environment variables. This is expected for a Twitter-posting skill, but those credentials authorize account actions and are not declared in registry metadata.

Skill content

CK  = os.environ["X_CONSUMER_KEY"]
CS  = os.environ["X_CONSUMER_SECRET"]
AT  = os.environ["X_ACCESS_TOKEN"]
ATS = os.environ["X_ACCESS_TOKEN_SECRET"]

Recommendation

Use dedicated, least-privilege X/Twitter app credentials where possible, review the exact tweet before running, and revoke tokens when no longer needed.

Medium

#ASI02: Tool Misuse and Exploitation

What this means

Running the command can publish public content to X/Twitter without an additional in-script confirmation prompt.

Why it was flagged

The script directly invokes xurl to publish the supplied text and optional media ID. This is aligned with the skill purpose, but it is an immediate external account mutation.

Skill content

cmd = ["xurl", "post", text]
if media_id:
    cmd += ["--media-id", media_id]

Recommendation

Only run it after confirming the tweet text, image prompt, and target account; consider wrapping it with a confirmation workflow for agent-driven use.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

The behavior of image generation depends on the installed nano-banana-pro helper and any overridden NANO_BANANA_SCRIPT path.

Why it was flagged

Image generation is delegated to another skill's script outside this artifact set. That dependency is disclosed in SKILL.md, but its code is not included here for review.

Skill content

NANO_BANANA_SCRIPT = os.environ.get(
    "NANO_BANANA_SCRIPT",
    "/home/linuxbrew/.linuxbrew/lib/node_modules/openclaw/skills/nano-banana-pro/scripts/generate_image.py"
)

Recommendation

Verify the installed helper script and Python dependencies before use, and avoid setting NANO_BANANA_SCRIPT to an untrusted path.