openclaw 网盘下载
OpenClaw

技能详情(站内镜像,无评论)

首页 > 技能库 > X/Twitter by altf1be

Post tweets, threads, and media to X/Twitter via API v2 — secure OAuth 1.0a signing, minimal dependencies (commander + dotenv only).

媒体与内容

作者:Abdelkrim from Brussels @Abdelkrim

许可证:MIT-0

MIT-0 ·免费使用、修改和重新分发。无需归因。

版本:v1.1.3

统计:⭐ 1 · 515 · 3 current installs · 4 all-time installs

1

安装量(当前) 4

🛡 VirusTotal :良性 · OpenClaw :良性

Package:abdelkrim/x-twitter-by-altf1be

安全扫描(ClawHub)

  • VirusTotal :良性
  • OpenClaw :良性

OpenClaw 评估

The skill's requests, instructions, and bundled code are coherent with its stated purpose (posting to X/Twitter using OAuth 1.0a); nothing requested is disproportionate or unexplained.

目的

Name/description (post tweets/threads/media) matches the code and required environment variables (X_CONSUMER_KEY, X_CONSUMER_SECRET, X_ACCESS_TOKEN, X_ACCESS_TOKEN_SECRET). No unrelated credentials or external services are requested.

说明范围

SKILL.md only instructs installing dependencies and running the included CLI. The runtime instructions and the script operate only on user-provided content and the four OAuth env vars. Minor documentation mismatch: README mentions a 'Bearer Token' in prerequisites, but neither SKILL.md nor the code use a bearer token (the script uses OAuth 1.0a and v1.1 upload endpoints for media).

安装机制

No install spec in registry (instruction-only), but SKILL.md/README instructs 'npm install' which will pull 'commander' and 'dotenv' from the npm registry. This is expected for a Node CLI but carries the usual moderate risk of fetching packages from npm; package-lock.json is included and shows concrete versions.

证书

Only the four OAuth secrets required are declared and used by the code; these are proportionate to posting tweets and uploading media. The skill does not request unrelated secrets or system credentials.

持久

always is false and the skill does not request persistent system-wide privileges. It does not modify other skill configs or system-wide settings.

scripts/xpost.mjs:28

Environment variable access combined with network send.

scripts/xpost.mjs:13

File read combined with network send (possible exfiltration).

综合结论

This skill appears to do exactly what it claims: post tweets/threads and upload media using your X/Twitter OAuth keys. Before installing: (1) Verify you trust the skill source (GitHub link in metadata). (2) Keep the four OAuth secrets private (store in .env, do not commit). (3) Run npm install in an isolated environment if you are cautious — package-lock.json is present and shows only 'commander' and 'dotenv'. (4) Note the script will read med…

安装(复制给龙虾 AI)

将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。

请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「X/Twitter by altf1be」。简介:Post tweets, threads, and media to X/Twitter via API v2 — secure OAuth 1.0a sig…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/abdelkrim/x-twitter-by-altf1be/SKILL.md
(来源:yingzhi8.cn 技能库)

SKILL.md

打开原始 SKILL.md(GitHub raw)

---
name: x-twitter-by-altf1be
description: "Post tweets, threads, and media to X/Twitter via API v2 — secure OAuth 1.0a, no external npm dependencies."
homepage: https://github.com/ALT-F1-OpenClaw/openclaw-skill-x-twitter
metadata:
  {"openclaw": {"emoji": "🐦", "requires": {"env": ["X_CONSUMER_KEY", "X_CONSUMER_SECRET", "X_ACCESS_TOKEN", "X_ACCESS_TOKEN_SECRET"]}, "primaryEnv": "X_CONSUMER_KEY"}}
---

# X/Twitter by @altf1be

Post tweets, threads, and media to X/Twitter via the X API v2 with secure OAuth 1.0a signing.

## Setup

1. Get API keys from https://developer.x.com
2. Set environment variables (or create `.env` in `{baseDir}`):

```
X_CONSUMER_KEY=your-api-key
X_CONSUMER_SECRET=your-api-secret
X_ACCESS_TOKEN=your-access-token
X_ACCESS_TOKEN_SECRET=your-access-token-secret
```

3. Install dependencies: `cd {baseDir} && npm install`

## Commands

```bash
# Verify connection
node {baseDir}/scripts/xpost.mjs verify

# Post a tweet
node {baseDir}/scripts/xpost.mjs tweet "Hello from OpenClaw! 🦞"

# Post with image
node {baseDir}/scripts/xpost.mjs tweet "Check this out!" --media ./screenshot.png

# Reply to a tweet
node {baseDir}/scripts/xpost.mjs tweet "Great point!" --reply 1234567890

# Post a thread (inline)
node {baseDir}/scripts/xpost.mjs thread "First tweet" "Second tweet" "Third tweet"

# Post a thread (from file, tweets separated by ---)
node {baseDir}/scripts/xpost.mjs thread --file ./thread.md
```

## Thread file format

Create a file with tweets separated by `---`:

```
🚀 Announcing something cool!
---
Here's why it matters...
---
Check it out: https://example.com
#OpenSource #AI
```

## Security

- OAuth 1.0a user context signing (no app-only auth for write operations)
- No credentials printed to stdout
- API calls use pure Node.js `fetch` + built-in `node:crypto` (no third-party HTTP or OAuth libraries)
- Minimal dependencies: only `commander` (CLI framework) and `dotenv` (env loading)

## Author

Abdelkrim BOUJRAF — [ALT-F1 SRL](https://www.alt-f1.be), Brussels 🇧🇪
X: [@altf1be](https://x.com/altf1be)