Chirp

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: chirp
Version: 1.0.1

The skill 'chirp' is designed to interact with X/Twitter using the OpenClaw browser tool. All instructions in SKILL.md exclusively use the `browser` tool to navigate to and interact with `x.com`. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts to subvert the agent's behavior beyond the stated purpose. The actions described (reading timeline, posting, liking, etc.) are clearly aligned with the skill's description and do not involve any high-risk behaviors like shell access, arbitrary network calls, or reading sensitive local files.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used, the agent can act as the logged-in X/Twitter account within the browser session.

Why it was flagged

The skill relies on a logged-in browser profile, which means actions are performed with the user's X/Twitter account privileges.

Skill content
- `openclaw` browser profile
- X/Twitter account login completed

Recommendation

Use a dedicated browser profile or test account if possible, and log out or remove the profile when you no longer want the agent to have access.

What this means

Mistaken or over-broad use could post, reply, like, repost, or follow from the user's account.

Why it was flagged

The browser tool is used for account-changing social actions. This is disclosed and aligned with the skill purpose, but the actions can affect public content and account state.

Skill content
Use when the user wants to interact with X/Twitter: reading timeline, posting tweets, liking, retweeting, replying, or searching.

Recommendation

Require explicit user confirmation for every account-changing action, not only tweets, and review browser snapshots before clicking publish/repost/follow/like controls.