技能详情(站内镜像,无评论)
作者:pbopps @3rdbrain
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 19 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:3rdbrain/x-leads-api
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's code, requirements, and instructions are internally consistent with a Twitter (X) posting utility and the requested credentials match its purpose; no evidence of hidden exfiltration or unrelated privileges was found.
目的
Name/description match the code and required environment variables (X API key/secret and access token/secret). The included x-api.js implements posting, threading, replies, quote-tweets, likes, deletes, and timeline reads against api.twitter.com/2 using OAuth 1.0a — these require the declared credentials and are proportionate to the stated purpose.
说明范围
SKILL.md directs running the bundled Node script at /root/.openclaw/skills/x-api/x-api.js and warns against using other tools. That is unusual but not inherently malicious. One inconsistency: SKILL.md documents scheduling commands (schedule, schedule-thread) and says posts are 'saved to queue, posted by cron', but the provided x-api.js contains no scheduling/queue/cron implementation. Otherwise the runtime instructions primarily call the inclu…
安装机制
No install spec; the skill is instruction-plus-code only. No downloads from external URLs or package installs are present. The single JavaScript file has a clear purpose and no obfuscated or unusual install actions.
证书
Only four environment variables are required and they are precisely the OAuth 1.0a consumer key/secret and access token/secret needed to act as the user account. No unrelated credentials, config paths, or broad secrets are requested.
持久
The skill does not request always:true and does not modify other skills or system-wide settings. It will run the bundled script which has normal network access to Twitter APIs; autonomous invocation is allowed by default (not flagged on its own).
x-api.js:39
Environment variable access combined with network send.
综合结论
This skill appears to do what it says: it will use the four X/Twitter credentials you provide to act as that account and post/read tweets. Before installing: (1) Only supply credentials for an account you control and are comfortable automating — the script can post, like, and delete as that user. (2) Review the included x-api.js yourself or with someone you trust; there is no hidden outbound host other than api.twitter.com and no obfuscated co…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「X Publisher」。简介:Post tweets, threads, replies, and quote-tweets to X (Twitter) via API v2 with …。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/3rdbrain/x-leads-api/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: x-api
description: Post tweets, threads, replies, and quote-tweets to X (Twitter) via API v2 with OAuth 1.0a.
version: 1.0.0
author: ModelFitAI <skills@modelfitai.com>
license: MIT
keywords: [openclaw, skill, twitter, x, social-media, posting, oauth]
requires:
env: [X_API_KEY, X_API_SECRET, X_ACCESS_TOKEN, X_ACCESS_SECRET]
---
# X (Twitter) API Skill
## CRITICAL: Read This First
You control the X (Twitter) account **using the script at `/root/.openclaw/skills/x-api/x-api.js`**.
There is NO `twitter` command, NO Python, NO pip in this container. Do NOT search for other tools. Do NOT try to use curl with OAuth headers. Do NOT try to install anything.
**The ONLY way to post tweets is:**
```bash
node /root/.openclaw/skills/x-api/x-api.js post "Your tweet text here"
```
This script handles ALL OAuth 1.0a signing automatically using your configured API keys. Just run it.
## Commands
**Post a tweet:**
```bash
node /root/.openclaw/skills/x-api/x-api.js post "Hello world! This is my first tweet."
```
**Post a thread (multiple connected tweets):**
```bash
node /root/.openclaw/skills/x-api/x-api.js thread "First tweet of thread" "Second tweet continues..." "Third tweet wraps up"
```
**Reply to a tweet:**
```bash
node /root/.openclaw/skills/x-api/x-api.js reply 1234567890 "This is my reply"
```
**Quote-tweet:**
```bash
node /root/.openclaw/skills/x-api/x-api.js quote 1234567890 "Interesting take!"
```
**Like a tweet:**
```bash
node /root/.openclaw/skills/x-api/x-api.js like 1234567890
```
**Delete a tweet:**
```bash
node /root/.openclaw/skills/x-api/x-api.js delete 1234567890
```
**Check your recent tweets:**
```bash
node /root/.openclaw/skills/x-api/x-api.js timeline 10
```
**Schedule a tweet for later (saved to queue, posted by cron):**
```bash
node /root/.openclaw/skills/x-api/x-api.js schedule "Good morning!" "2026-02-22T09:00:00Z"
```
**Schedule a thread for later:**
```bash
node /root/.openclaw/skills/x-api/x-api.js schedule-thread "Tweet 1" "Tweet 2" "2026-02-22T09:00:00Z"
```
## How It Works
- The script uses Node.js built-in `crypto` module — zero dependencies
- OAuth 1.0a HMAC-SHA1 signing is done automatically
- API credentials are read from environment variables
- Output is JSON with `{ success: true/false, data: {...}, summary: "..." }`
## Important Rules
1. Always use `node /root/.openclaw/skills/x-api/x-api.js` — this is your Twitter tool
2. Never try `pip install`, `python`, `curl` with OAuth, or any other method
3. Tweet text max 280 characters
4. Thread max 25 tweets
5. The script returns JSON — check the `success` field to confirm it worked
## Environment Variables
- `X_API_KEY` — X API key (OAuth 1.0a consumer key)
- `X_API_SECRET` — X API secret
- `X_ACCESS_TOKEN` — Access token
- `X_ACCESS_SECRET` — Access token secret