Chirp
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Chirp is a transparent browser-based X/Twitter helper, but it uses your logged-in X session and can perform public account actions when directed.
Only install or invoke this skill if you want OpenClaw to use a logged-in X/Twitter browser session. Before any post, reply, repost, like, or follow, confirm the exact action and account, and consider using a separate browser profile to limit account exposure.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
61/61 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used, the agent can act as the logged-in X/Twitter account within the browser session.
The skill relies on a logged-in browser profile, which means actions are performed with the user's X/Twitter account privileges.
- `openclaw` browser profile - X/Twitter 계정 로그인 완료
Use a dedicated browser profile or test account if possible, and log out or remove the profile when you no longer want the agent to have access.
Mistaken or over-broad use could post, reply, like, repost, or follow from the user's account.
The browser tool is used for account-changing social actions. This is disclosed and aligned with the skill purpose, but the actions can affect public content and account state.
Use when the user wants to interact with X/Twitter: reading timeline, posting tweets, liking, retweeting, replying, or searching.
Require explicit user confirmation for every account-changing action, not only tweets, and review browser snapshots before clicking publish/repost/follow/like controls.